Snitz Forums 2000 3.4.03 - Search.ASP Cross-Site Scripting Vulnerability

2003-06-16T00:00:00
ID EDB-ID:22778
Type exploitdb
Reporter JeiAr
Modified 2003-06-16T00:00:00

Description

Snitz Forums 2000 3.4 .03 Search.ASP Cross-Site Scripting Vulnerability. CVE-2003-0492. Webapps exploit for asp platform

                                        
                                            source: http://www.securityfocus.com/bid/7922/info

Snitz Forums is prone to cross-site scripting attacks. This is due to insufficient sanitization of data passed to the search facility via URI parameters.

Exploitation may allow theft of cookie-based authentication credentials or other attacks.

This issue was reported in Snitz Forums 3.4.0.3, other versions might also be affected.

http://www.example.com/search.asp?Search="><script>alert()</script>