#############################################
DVBBS Multiple variable Cross site scripting
vendor url: http://down.dvbbs.net/SoftView/SoftView_2455.html
Advisory: http://lostmon.blogspot.com/2005/08/dvbbs-multiple-variable-cross-site.html
vendor notified: yes
exploit available: yes
OSVDB ID: 18512, 18679, 18680
Securitytracker: 1014632
BID: 14498
Secunia: SA16131
#############################################
DVBBS contains a flaw that allows a remote cross-site scripting
attack. This flaw exists because the application does not validate
multiple variables upon submission to multiple scripts. This could
allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of integrity.
############
solution
############
No solution available at this time!
############
versions
############
Dvbbs 7.1 Sp2
Dvbbs 7.1
#############
timeline
#############
discovered: 21-jul-2005
disclosure: 21-jul-2005
public disclosure: 08-aug-2005
####################
proof of concept
####################
http://[VICTIM]/dispbbs.asp?boardID=8&ID=550194&page=1[XSS-CODE]
http://[VICTIM]/dispuser.asp?name=Walltrapass[XSS-CODE]
http://[VICTIM]/boardhelp.asp?boardid=0&act=2&title=[XSS-CODE]
http://[VICTIM]/boardhelp.asp?boardid=0&view=faq[XSS-CODE]&act=3
http://[VICTIM]/boardhelp.asp?boardid=0&view=faq&act=3[XSS-CODE]
http://[VICTIM]/boardhelp.asp?boardid=0&act=2[XSS-CODE]&title=
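The missing server-side check described above is a per-parameter validation of the variables named in the proof-of-concept URLs. The following is an added Python example (not DVBBS code) that applies such a policy to request lines, as a defender would do in a log review or a request filter: numeric parameters must be digits, and free-text ones must not carry HTML metacharacters. The policy table, the simplified log layout and the sample lines are all assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Per-script policy assumed from the advisory's proof-of-concept URLs:
# listed parameters must be purely numeric; any other parameter is free
# text and must not carry HTML metacharacters. (Hypothetical, not DVBBS's.)
NUMERIC_PARAMS = {
    "dispbbs.asp": {"boardid", "id", "page"},
    "dispuser.asp": set(),
    "boardhelp.asp": {"boardid", "act"},
}
HTML_META = re.compile(r'[<>"\']|javascript:', re.IGNORECASE)


def check_request(url):
    """Return (script, parameter, reason) findings for one request URL."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in NUMERIC_PARAMS:
        return []
    findings = []
    # keep_blank_values so that 'title=' (empty in the PoC) is still inspected
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:  # parse_qs has already percent-decoded the value
            if name.lower() in NUMERIC_PARAMS[script] and not value.isdigit():
                findings.append((script, name, "non-numeric value"))
            elif HTML_META.search(value):
                findings.append((script, name, "html metacharacters"))
    return findings


# Constructed sample requests in a simplified "date time method stem query"
# layout (not real traffic, not a real IIS log).
SAMPLE_LOG = """\
2005-08-08 10:00:01 GET /dispbbs.asp boardID=8&ID=550194&page=1
2005-08-08 10:00:02 GET /dispbbs.asp boardID=8&ID=550194&page=1%3Cscript%3Eprobe%3C/script%3E
2005-08-08 10:00:03 GET /dispuser.asp name=Walltrapass
2005-08-08 10:00:04 GET /boardhelp.asp boardid=0&view=faq%22%3E%3Cb%3Eprobe%3C/b%3E&act=3
2005-08-08 10:00:05 GET /index.asp boardid=%3Cb%3E
"""


def scan_log(text):
    """Run check_request over every line; return (time, script, param, reason)."""
    hits = []
    for line in text.splitlines():
        _date, time, _method, stem, query = line.split(" ", 4)
        for finding in check_request(f"{stem}?{query}"):
            hits.append((time,) + finding)
    return hits
```

The last sample line shows that scripts outside the policy table are ignored, so the check stays scoped to the scripts the advisory names.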
######################## End ##########################
Thanks to estrella for being my light.
Sincerely,
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
Curiosity is what moves the mind....