Bugtraq mailing list archives
Re: PunBB 1.3.6 bug
From: Henri Salo <henri () nerv fi>
Date: Mon, 26 Sep 2011 20:07:31 +0300
On Sun, Sep 25, 2011 at 02:14:37PM +0000, Amir () irist ir wrote:
##################################################################################################################### # # # Islamic Republic Of Iran Security Team # # # # Www.IrIsT.Ir # # # ##################################################################################################################### # # # PunBB <== 1.3.6 Cross-Site Scripting Vulnerabilities # # # # Download......: http://punbb.informer.com/downloads.php#1.3.6 # # # # Bug Found.....: IrIsT? # # # # discovery.....: Am!r (IrIsT?) # # # # contact.......: Amir[at]IrIsT.ir # # # # Exploit.......: http://www.site.com/browse.php?keywords=[xss]&search=Search&projects=1&styles=1&forums=1 # # # # Google Search.: "Powered By PunBB" # # # # SP TNX........: B3HZ4D & satanicstar & SeCuRiTy & m3hdi & vahid4251 & all IrIsT members # # & h4ckcity.org & phc.ir & all SP # # # #####################################################################################################################
You definately have an error here. There is no browse.php-file in PunBB installation. I don't know what your intentions were on reporting this, but definately false-positive as far as I can tell. Did you notice that several problems was fixed in this release? Regards, Henri Salo
Current thread:
- PunBB 1.3.6 bug Amir (Sep 26)
- Re: PunBB 1.3.6 bug Henri Salo (Sep 27)