D-iscussion Board PHP function vulnerable to Cross-Site Scripting Attacks
Category: Vulnerability
Posted: 2005-03-03 by basher13
Views: 357
Details
Update:
5:20 PM 3/3/2005
Subject:
" D-iscussion Board Php function vulnerable to Cross-Site Scripting Attacks "
Description:
D-iscussion Board is a forum written entirely in PHP, with no use of MySQL at all. D-iscussion
Board is a totally original forum script, and thus boasts totally original and exclusive
features.
The script was first written between 21st and 23rd February 2003 in PHP by Daniel D'Agostino,
and the latest version is now 2.41 after 24 updates (including the first time it was written).
A vulnerability in the 'index.php?topic=' function was found that can be used to execute Cross-Site Scripting.
This is caused by files that cannot be copied or created (write/read permission) in the folder tpcdata, and by a post created with the [CSS]
payload making a page with the .php file extension.
Demo:
http://[url]/forum/index.php?topic=
Exploit:
1.http://[url]/forum/index.php?topic=<script>alert('Granted Vulnerbale test')</script>
2.http://[url]/forum/index.php?topic=vulnerable_topic
Solution:
No solution was available at the time of this entry.
Other advice: protect some files/folders with attribute permissions, or CHMOD them to write, read, execute (664).
Also upgrade/update the product to a future version.
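As an added illustration, not code from D-iscussion Board or from the advisory's author, the following minimal PHP handler shows the echo-unescaped pattern that produces a reflected XSS on a `?topic=` parameter, beside a hardened version that allowlists the identifier and HTML-escapes it on output. The `tpcdata/` file layout and the allowlist pattern are assumptions.

```php
<?php
// Added illustration, not D-iscussion Board's code. Assumes the forum
// reads ?topic=, prints it, and maps it to a file under tpcdata/.
declare(strict_types=1);

// Vulnerable pattern: the request parameter is echoed straight into HTML,
// so a <script> tag supplied in ?topic= runs in the visitor's browser.
function render_topic_vulnerable(array $get): string
{
    $topic = $get['topic'] ?? '';
    return "<h1>Topic: " . $topic . "</h1>";
}

// Hardened: (1) restrict the identifier to an allowlist before it is used
// as part of a file name under tpcdata/ (assumed layout), and
// (2) HTML-escape it with ENT_QUOTES/UTF-8 whenever it is printed.
function validate_topic(string $topic): ?string
{
    // Assumed allowlist: no '/', '.', NUL or markup characters can pass.
    return preg_match('/^[A-Za-z0-9_-]{1,64}$/', $topic) === 1 ? $topic : null;
}

function render_topic_hardened(array $get): string
{
    $topic = validate_topic((string)($get['topic'] ?? ''));
    if ($topic === null) {
        http_response_code(400);
        return "<h1>Invalid topic</h1>";
    }
    $safe = htmlspecialchars($topic, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    // Path is built only from the validated name, so it cannot leave tpcdata/.
    $path = __DIR__ . '/tpcdata/' . $topic . '.txt';   // assumed storage layout
    return "<h1>Topic: " . $safe . "</h1>" . (is_file($path) ? '' : '<p>No posts yet.</p>');
}

// Constructed request mirroring the advisory's test string.
$probe = ['topic' => "<script>alert('x')</script>"];
echo render_topic_vulnerable($probe), "\n";   // script tag passes through untouched
echo render_topic_hardened($probe), "\n";     // rejected by the allowlist (HTTP 400)
echo render_topic_hardened(['topic' => 'vulnerable_topic']), "\n"; // rendered escaped
```

Run it with `php` on the command line; the third line shows that a legitimate topic name still renders while markup in the parameter is refused before it reaches either the page or the file system.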
Vendor URL:
http://shiftedphase.com/dino/codex/index.php
Reported by:
basher13 [at]linuxmail.org
Infamous Group - http://98.to/infamous