Lucene search
bmforumXSS.txt
ποΈΒ 28 Jul 2005Β 00:00:00Reported byΒ LostmonTypeΒ 
Β packetstormπΒ packetstormsecurity.comπΒ 34Β Views
Multiple cross site scripting in BMForum allows remote attack executing arbitrary code, leading to integrity loss.VERSIONS: Datium! 3.0 RC4, Datium! 3.0 RC3, Plus! 3.0 RC4, Plus!MX 3.0.0.
Show more
`################################################
Multiple Cross site scripting in BMForum
vendor url:http://www.bmforum.com/
Advisore:http://lostmon.blogspot.com/2005/07/
multiple-cross-site-scripting-in.html
Vendor notify:yes Exploit available:yes
################################################
BMForum contains a flaw that allows a remote cross site scripting
attack.This flaw exists because the application does not validate
multiple variables upon submission to multiple scripts.This could
allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship
between the browser and the server, leading to a loss of integrity.
####################
VERSIONS
####################
BMForum Datium! 3.0 RC4
BMForum Datium! 3.0 RC3
BMForum Datium! 3.0 RC2
BMForum Datium! 3.0 RC1
BMForum Plus! 3.0 RC4
BMForum Plus! 3.0 RC3
BMForum Plus! 3.0 RC2
BMForum Plus! 3.0 RC1
BMForum Plus!MX 3.0.0.5
BMForum Plus! 2.6.1
###################
Solution:
###################
No solution at this time.
###################
Timeline:
###################
Discovered: 21-0-2005
vendor notify:25-07-2005
Disclosure:27-07-2005
###################
Proof of XSS
####################
####################
topic.php
####################
http://[VICTIM]/bmb/topic.php?forumid=6&filename=38496&page=2[XSS-CODE]
http://[VICTIM]/bmb/topic.php?forumid=6&filename=38496[XSS-CODE]&page=2
http://[VICTIM]/topic.php?filename=1923[XSS-CODE]
#################
forums.php
#################
http://[VICTIM]/bmb/forums.php?forumid=6[XSS-CODE]
http://[VICTIM]/bmb/forums.php?forumid=6&listby=posttime[XSS-CODE]&jinhua=&page=
http://[VICTIM]/bmb/forums.php?forumid=6&listby=posttime&jinhua=[XSS-CODE]&page=
http://[VICTIM]/bmb/forums.php?forumid=6&listby=posttime&jinhua=&page=[XSS-CODE]
###################
post.php
###################
http://[VICTIM]/post.php?forumid=2\[XSS-CODE]
###################
announcesys.php
###################
http://[VICTIM]/announcesys.php?forumid=0[XSS-CODE]
#################
Others
#################
http://[VICTIM]/datafile/regipbans.php //ips baned.
http://[VICTIM]/bmb/datafile/sendmail.php // full path disclosure.
http://[VICTIM]/post_global.php //full path disclosure
http://[VICTIM]/bmb/datafile/bbslog2.txt
http://[VICTIM]/bmb/bbslog.txt
################### Βnd ######################
thnx to estrella to be my ligth.
atentamente:
Lostmon ([email protected])
Web-Blog: http://lostmon.blogspot.com/
--
La curiosidad es lo que hace mover la mente....
`
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo28 Jul 2005 00:00Current
7.4High risk
Vulners AI Score7.4