Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Boastmachine.txt

๐Ÿ—“๏ธย 22 May 2006ย 00:00:00Reported byย Yunus Emre YilmazTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 32ย Views

Cross Site Scripting risk in BoastMachine v3.

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`Advisory : Cross Site Scripting in Boastmachine (http://boastology.com/)  
Release Date : 17/05/2005  
Last Modified : 17/05/2005  
Author : Yunus Emre Yilmaz ( http://yns.zaxaz.com)  
Application : BoastMachine v3.1 ( maybe older versions)  
Risk : High  
  
Problem : Form action values in admin.php and index.php (maybe other pages) isn't properly sanitized before being returned to page.Form action value  
is otomatically coming from $_SERVER["PHP_SELF"];.And This is changeable from query string.  
  
If I access page like admin.php/XSS $_SERVER["PHP_SELF"] returns as admin.php/XSS.So , an attacker basicly inject malicious  
HTML/JS codes into page.  
  
Proof Of Concept : admin.php/"><script>alert('xss')</script>  
  
Solution : Edit the source code , and change it $_SERVER["SCRIPT_NAME"] or filter it before printing in page.  
  
Original Advisory : http://yns.zaxaz.com/advisories/bostmachine.txt  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
22 May 2006 00:00Current
7.4High risk
Vulners AI Score7.4
cross site scriptingboastmachineform actionphp_selfxsssource codescript name
32
.json
Report