Boardhost.com Description: Free Msgboard hosting service. Homepage: http://www.Boardhost.com Affected files Input boxes of posting a message Searching for a listing board ------------------------------------------------- XSS vuln with cookie disclosure when posting a msg (Tested on boardhost.com's test msg board and a members board): Boardhost doesn't properly filter user input before generating it. For PoC (Works on members with free account) try putting: <IMG SRC="javascript:alert('XSS');"> Now, to bypass the filters for Members with paying accounts, its pretty easy. You'll notice they have paying accounts if their boards let you post links and images with your post. For a PoC there, in the Message:, or links input boxes just put http:// before your javascript. http://<IMG SRC="javascript:alert('XSS');"> Screenshots: http://www.youfucktard.com/xsp/boardhost1.jpg http://www.youfucktard.com/xsp/boardhost2.jpg http://www.youfucktard.com/xsp/boardhost3.jpg http://www.youfucktard.com/xsp/boardhost4.jpg
