IcrediBB 1.1 Script Injection Vulnerability

ID EDB-ID:21399
Type exploitdb
Reporter Daniel Nyström
Modified 2002-04-19T00:00:00


IcrediBB 1.1 Script Injection Vulnerability. CVE-2002-0590. Webapps exploit for php platform

                                            source: http://www.securityfocus.com/bid/4548/info

IcrediBB is freely available web forum software. It is written in PHP and will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

IcrediBB does not adequately filter script code from forum message form fields. This may enable an attacker to inject malicious script code into forum messages.

An attacker who exploits this may be able to hijack web content or steal cookie-based authentication credentials. 

Post a message with the following text in the subject or message body:

<script>alert('Cross Site Scripting possible');</script>