dvbbsXSS.txt

2005-08-09T00:00:00
ID PACKETSTORM:39161
Type packetstorm
Reporter Lostmon
Modified 2005-08-09T00:00:00

Description

                                            `#############################################  
DVBBS Multiple variable Cross site scripting  
vendor url: http://down.dvbbs.net/SoftView/SoftView_2455.html  
Advisory: http://lostmon.blogspot.com/2005/08/dvbbs-multiple-variable-cross-site.html  
vendor notify: yes    exploit available: yes  
OSVDB ID: 18512  
#############################################  
  
DVBBS contains a flaw that allows a remote cross site scripting  
attack. This flaw exists because the application does not validate  
multiple variables upon submission to multiple scripts. This could  
allow a user to create a specially crafted URL that would execute  
arbitrary code in a user's browser within the trust relationship  
between the browser and the server, leading to a loss of integrity.  
  
  
############  
solution  
############  
  
no solution available at this time!  
  
  
############  
versions  
############  
  
Dvbbs 7.1 Sp2  
Dvbbs 7.1   
  
#############  
timeline  
#############  
  
discovered: 21-jul-2005  
disclosure: 21-jul-2005  
public disclosure: 08-aug-2005  
  
####################  
proof of concept  
####################  
  
  
http://[VICTIM]/dispbbs.asp?boardID=8&ID=550194&page=1[XSS-CODE]  
  
http://[VICTIM]/dispuser.asp?name=Walltrapass[XSS-CODE]  
  
http://[VICTIM]/boardhelp.asp?boardid=0&act=2&title=[XSS-CODE]  
http://[VICTIM]/boardhelp.asp?boardid=0&view=faq[XSS-CODE]&act=3  
http://[VICTIM]/boardhelp.asp?boardid=0&view=faq&act=3[XSS-CODE]  
http://[VICTIM]/boardhelp.asp?boardid=0&act=2[XSS-CODE]&title=  
  
######################## €nd ##########################  
  
Thanks to estrella for being my light  
  
Sincerely:  
Lostmon (lostmon@gmail.com)  
Web-Blog: http://lostmon.blogspot.com/  
--  
Curiosity is what moves the mind....  
`