IcrediBB 1.1 Script Injection Vulnerability

2002-04-19T00:00:00
ID EDB-ID:21399
Type exploitdb
Reporter Daniel Nyström
Modified 2002-04-19T00:00:00

Description

IcrediBB 1.1 Script Injection Vulnerability. CVE-2002-0590. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/4548/info

IcrediBB is freely available web forum software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

IcrediBB does not adequately filter script code from forum message form fields. This may enable an attacker to inject malicious script code into forum messages.

An attacker who exploits this may be able to hijack web content or steal cookie-based authentication credentials. 

Post a message with the following text in the subject or message body:

<script>alert('Cross Site Scripting possible');</script>