by r0t, der4444, cembo, VietMafia

Wednesday, November 23, 2005

XSS in HydroBB

Vuln. discovered by: r0t
Date: 23 Nov. 2005
Vendor: http://www.hydrobb.com/
Original advisory:
Affected version: HydroBB 1.0.0 Beta 2

Vuln. Description
Certain unspecified input is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.

Example:

/forums/search.php?searchid=3577&s=[XSS]
/forums/members.php?action=profile&userprofile=297&s=[XSS]
/forums/members.php?action=memberlist&s=[XSS]
/forums/stats.php?s=[XSS]
/forums/viewforum.php?ID=6&s=[XSS]
/forums/register.php?s=[XSS]
/forums/usercp.php?area=main&s=[XSS]
/forums/groups.php?s=[XSS]
/forums/pms.php?area=compose&userid=159&s=[XSS]
/forums/calendar.php?s=[XSS]

Solution:
Edit the source code to ensure that input is properly sanitised.
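
One way to apply this fix to the `s` parameter shown in the examples above, as an added example that is not HydroBB's code. It assumes `s` is a session token made only of letters and digits (the advisory does not say what `s` holds); the function names are hypothetical.

```php
<?php
// Added example, not HydroBB source. Assumption: `s` carries a session
// token of letters and digits only; adjust the pattern to the real format.

/** Return the `s` value if it matches the assumed token format, else ''. */
function clean_session_param(array $query): string
{
    $s = $query['s'] ?? '';
    // Array input (?s[]=x) and anything outside the allow-list is rejected
    // outright; \A and \z anchor the match so a trailing newline fails too.
    if (!is_string($s) || !preg_match('/\A[A-Za-z0-9]{1,64}\z/', $s)) {
        return '';
    }
    return $s;
}

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build a forum link carrying `s`: URL-encode first, then HTML-encode. */
function forum_link(string $script, array $params, string $s, string $label): string
{
    if ($s !== '') {
        $params['s'] = $s;
    }
    $query = http_build_query($params, '', '&', PHP_QUERY_RFC3986);
    $url = $script . ($query !== '' ? '?' . $query : '');
    return '<a href="' . h($url) . '">' . h($label) . '</a>';
}

// Constructed inputs: a well-formed token and a value containing markup.
$good = clean_session_param(['s' => 'abc123']);
$bad  = clean_session_param(['s' => '"><b>constructed</b>']);

// The valid token is carried through; the rejected value is dropped.
echo forum_link('/forums/stats.php', [], $good, 'Stats'), "\n";
echo forum_link('/forums/viewforum.php', ['ID' => 6], $bad, 'Forum'), "\n";

// Output encoding still applies wherever a request value must be displayed.
echo h('"><b>constructed</b>'), "\n";
```

Validating once at the top of each script covers the shared `s` parameter, while encoding at every output point protects any other request value that is echoed back.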

Copyright (c) 2006 Pridels Sec Crew