
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006040088

Below is a copy:

//----- Advisory

Program          : BetaBoard
Homepage         : http://gonzo.uni-weimar.de/~scheffl2/betaboard/
Tested version   : 0.1
Found by         : Simon MOREL <philemon at thehackademy dot net>
This advisory    : Simon MOREL <philemon at thehackademy dot net>
Discovery date   : 2006/04/16

//----- Application description

BetaBoard is a small German forum in which the thread list is displayed as an indented tree.

//----- Description of vulnerability

Malicious JavaScript code can be inserted into a user's profile.

//----- Proof Of Concept

<script>alert('document.cookie')</script>

//----- Impact

Every user reading the evil guy's profile can have his cookie stolen.

//----- Credits

Simon MOREL <philemon at thehackademy dot net>
http://www.sysdream.com

//----- Greetings

Celelibi for his English ;>
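
//----- Added example (not part of the original advisory)

The sketch below is an added illustration, not BetaBoard code and not from the advisory's author: it shows the stored-XSS pattern described above next to output encoding, plus an HttpOnly session cookie that addresses the stated impact. The page does not give BetaBoard's implementation language or field names, so Python and the names `username`, `signature` and `sid` are assumptions.

```python
import html
from html.parser import HTMLParser
from http.cookies import SimpleCookie

# Constructed sample: a profile field holding the advisory's proof-of-concept string.
POC = "<script>alert('document.cookie')</script>"

def render_profile_unsafe(username, signature):
    """Profile fields copied into the page as-is: the stored-XSS pattern."""
    return f"<h1>{username}</h1><div class='sig'>{signature}</div>"

def render_profile_safe(username, signature):
    """Encode every user-controlled field for the HTML context at output time."""
    return (f"<h1>{html.escape(username, quote=True)}</h1>"
            f"<div class='sig'>{html.escape(signature, quote=True)}</div>")

class _TagCollector(HTMLParser):
    """Records the element names a browser-like parser sees in the page."""
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def tags_in(page):
    """Regression check: list of start tags actually parsed from the rendered page."""
    collector = _TagCollector()
    collector.feed(page)
    collector.close()
    return collector.tags

def session_cookie_header(session_id):
    """Session cookie flagged HttpOnly, so page script cannot read it via document.cookie."""
    cookie = SimpleCookie()
    cookie["sid"] = session_id          # "sid" is a hypothetical cookie name
    cookie["sid"]["httponly"] = True
    cookie["sid"]["samesite"] = "Lax"
    return cookie["sid"].OutputString()

if __name__ == "__main__":
    print(tags_in(render_profile_unsafe("mallory", POC)))  # template tags plus 'script'
    print(tags_in(render_profile_safe("mallory", POC)))    # only the template's own tags
    print(session_cookie_header("constructed-session-id"))
```

Encoding at output time is the fix for the profile field; the HttpOnly flag only limits what an injected script could read if another field is missed.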
