BB Machine Forum 1.0 Cross Site Scripting vulnerability in thread parameter
`C r a C k E r
THE CRACK OF ETERNAL MIGHT
From The Ashes and Dust Rises An Unimaginable crack....
[ Vulnerability ]
Author    : CraCkEr
Website   : https://www.codester.com/items/38745/
Vendor    : webfuelcode
Software  : BB Machine Forum 1.0
Vuln Type : Reflected XSS
Impact    : Manipulate the content of the site

Release Notes:
The attacker can send the victim a link containing a malicious URL in an email or
instant message, and can then perform a wide variety of actions, such as stealing the
victim's session token or login credentials.

Greets:
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL
CryptoJob (Twitter) twitter.com/0x0CryptoJob
© CraCkEr 2023
Path: /thread
The POST parameter 'thread' is vulnerable to RXSS.
[+] Exploiting the Bug
1. From the index page, click on Create Post
2. Fill in any Subject
3. Select any Category
4. In Thread, put your XSS payload, for example: v4kow<script>alert(1)</script>ebxnq
5. Click on Submit
6. XSS fired
7. Copy the link of your post and send it to the victim, for example: https://website/thread/Your-POST
8. XSS fired in the victim's browser
[-] Done
`
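The remediation for the issue described above is to encode the 'thread' value (and the subject) when the post page is rendered, and to audit posts that are already stored. The following is an added example, not code from the advisory or from BB Machine Forum; the function names, the page template and the sample posts are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper names; the forum's real code is not shown on the page.

// Encode the five characters that are significant in HTML text and attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// "Before": the submitted thread text is concatenated into the page as markup.
function renderThreadUnsafe(post) {
  return `<article><h1>${post.subject}</h1><div class="thread">${post.thread}</div></article>`;
}

// "After": every user-controlled field is encoded at output time.
function renderThreadSafe(post) {
  return `<article><h1>${escapeHtml(post.subject)}</h1>` +
         `<div class="thread">${escapeHtml(post.thread)}</div></article>`;
}

// Audit helper for posts already stored: flags subjects or bodies that contain
// tags, inline event handlers or javascript: URLs so they can be reviewed.
function findSuspectPosts(posts) {
  const active = /<\s*\/?\s*[a-z][^>]*>|\bon[a-z]+\s*=|javascript\s*:/i;
  return posts.filter((p) => active.test(p.thread) || active.test(p.subject)).map((p) => p.id);
}

// Response headers that limit the damage if an encoding step is ever missed.
function defensiveHeaders() {
  return {
    'Content-Security-Policy': "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'",
    'X-Content-Type-Options': 'nosniff',
  };
}

// Constructed sample data; the second body is the example string from the advisory.
const samplePosts = [
  { id: 1, subject: 'Welcome', thread: 'Plain text, 2 < 3 & that is fine' },
  { id: 2, subject: 'Test', thread: 'v4kow<script>alert(1)</script>ebxnq' },
];

console.log(renderThreadSafe(samplePosts[1]));
console.log(findSuspectPosts(samplePosts));
```

Because the release notes name session-token theft as the impact, marking the session cookie HttpOnly is a complementary control alongside output encoding.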