# Exploit Title: TangoBB 1.5.0-A3 XSS Vulnerability # Google Dork: "Powered by TangoBB" # Date: 24-2-2015 # Exploit Author: Dennis Veninga # Vendor Homepage: https://github.com/Codetana/TangoBB # Version: 1.5.0-A3 # Tested on: Firefox 36 & Chrome 38 / W8.1-x64 # CVE : NONE Published: 24-2-2015 Vendor updated: 24-2-2015 TangoBB -> Version: 1.5.0-A3 Date: 24-2-2015 Found By: Dennis Veninga Exploit info: XSS Vulnerability Dork: "Powered by TangoBB" XSS: http://{target}/TangoBB/new.php/node/1 Affects: created topic, so an user can infect other users with malware and or take over their systems.