Bugtraq mailing list archives
BetaBoard Cross Site Scripting vulnerability
From: easy.mask () gmail com
Date: 16 Apr 2006 22:44:28 -0000
//----- Advisory Program : BetaBoard Homepage : http://gonzo.uni-weimar.de/~scheffl2/betaboard/ Tested version : 0.1 Found by : Simon MOREL <philemon at thehackademy dot net> This advisory : Simon MOREL <philemon at thehackademy dot net> Discovery date : 2006/04/16 //----- Application description BetaBoard is a small german forum in which thread list is displayed as an indented tree. //----- Description of vulnerability Malicious JavaScript code can be insert in user's profile. //----- Proof Of Concept <script>alert('document.cookie')</script> //----- Impact Every user reading evil guy's profile can have his cookie stolen //----- Credits Simon MOREL <philemon at thehackademy dot net> http://www.sysdream.com //----- Greetings Celelibi for his English ;>
Current thread:
- BetaBoard Cross Site Scripting vulnerability easy . mask (Apr 17)