#############################################
DVBBS Multiple variable Cross site scripting
vendor url:http://down.dvbbs.net/
SoftView/SoftView_2455.html
Advisory:http://lostmon.blogspot.com/2005/08/
dvbbs-multiple-variable-cross-site.html
vendor notify:yes exploit available:yes
OSVDB ID:18512,18679,18680
Securitytracker: 1014632
BID:14498
Secunia: SA16131
#############################################
DVBBS contains a flaw that allows a remote cross site scripting
attack.This flaw exists because the application does not validate
multiple variables upon submission to multiple scripts.This could
allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of integrity
############
solution
############
no solution available at this time !
############
versions
############
Dvbbs 7.1 Sp2
Dvbbs 7.1
#############
timeline
#############
discovered:21-jul-2005
disclosure:21-jul-2005
public disclosure:08-ago-2005
####################
proof of concept
####################
http://[VICTIM]/dispbbs.asp?boardID=8&ID=550194&page=1[XSS-CODE]
http://[VICTIM]/dispuser.asp?name=Walltrapass[XSS-CODE]
http://[VICTIM]/boardhelp.asp?boardid=0&act=2&title=[XSS-CODE]
http://[VICTIM]/boardhelp.asp?boardid=0&view=faq[XSS-CODE]&act=3
http://[VICTIM]/boardhelp.asp?boardid=0&view=faq&act=3[XSS-CODE]
http://[VICTIM]/boardhelp.asp?boardid=0&act=2[XSS-CODE]&title=
######################## €nd ##########################
Thnx to estrella to be my ligth
atentamente:
Lostmon (lostmon@gmail.com)
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
Subscribe to:
Posts (Atom)