Ultimate PHP Board Board 1.0 final beta ViewTopic.PHP Cross-Site Scripting Vulnerability

2002-11-08T00:00:00
ID EDB-ID:22076
Type exploitdb
Reporter euronymous
Modified 2002-11-08T00:00:00

Description

Ultimate PHP Board Board 1.0 final beta ViewTopic.PHP Cross Site Scripting Vulnerability. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/6335/info

Ultimate PHP Board (UPB) is a freely available, open source PHP Bulletin Board. It is available for the Unix and Linux operating systems.

By passing a malicious script code to the viewtopic.php script, UPB may return the script code to the browser of the user visiting the malicious URL. This could lead to the execution of HTML and script code in the security context of the UPB site.

http://example.com/phorum/viewtopic.php?id=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&t_id=2