EV0085.txt

`New eVuln Advisory:  
Easy Forum XSS Vulnerability  
http://evuln.com/vulns/85/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0085  
CVE: CVE-2006-0877  
Software: Easy Forum  
Sowtware's Web Site: http://hot-things.net/?q=eforum  
Versions: 2.5  
Critical Level: Harmless  
Type: Cross-Site Scripting  
Class: Remote  
Status: Patched  
Exploit: Available  
Solution: Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
Vulnerable script: join.php  
Variable $image isn't properly sanitized.  
  
Arbitrary script code insertion is possible in image URL when registering new user.  
  
  
--------------Exploit----------------------  
Available at: http://evuln.com/vulns/85/exploit.html  
  
Cross-Site Scripting Example:  
  
URL: http://[host]/eforum/join.php  
Image file (URL): javascript:alert(123) sometext.gif  
  
  
--------------Solution---------------------  
Vendor-provided patch is available now.  
  
http://hot-things.net/cs/section.php?sid=3  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com - Penetration Testing Services  
.  
`