Advisory : Cross Site Scripting in Boastmachine (http://boastology.com/)
Release Date : 17/05/2005
Last Modified : 17/05/2005
Author : Yunus Emre Yilmaz ( http://yns.zaxaz.com)
Application : BoastMachine v3.1 (maybe older versions)
Risk : High
Problem : Form action values in admin.php and index.php (maybe other pages) aren't properly sanitized before being returned to the page. The form action value
is automatically taken from $_SERVER["PHP_SELF"], and this is changeable from the query string.
If I access a page like admin.php/XSS, $_SERVER["PHP_SELF"] returns admin.php/XSS. So an attacker can basically inject malicious
HTML/JS code into the page.
Proof Of Concept : admin.php/"><script>alert('xss')</script>
Solution : Edit the source code and change it to $_SERVER["SCRIPT_NAME"], or filter it before printing it in the page.
Original Advisory : http://yns.zaxaz.com/advisories/bostmachine.txt
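The following is an added example illustrating the flaw and the fix the advisory proposes; it is not code from the advisory or from BoastMachine. The function names are hypothetical, and the request data is constructed inline rather than coming from a web server.

```php
<?php
// Added example, not from the original advisory or the BoastMachine source.
// Assumptions: helper names are hypothetical; $server is a constructed
// stand-in for the real $_SERVER array.

// The pattern the advisory describes: the form action is copied straight
// from PHP_SELF, which is SCRIPT_NAME plus any extra path the client
// appended after the script name (PATH_INFO). That extra path is attacker
// controlled and is echoed into an HTML attribute without encoding.
function form_action_unsafe(array $server): string
{
    return '<form action="' . $server['PHP_SELF'] . '" method="post">';
}

// Hardened variant, as the advisory's "Solution" suggests: use SCRIPT_NAME,
// which does not carry PATH_INFO, and HTML-encode it anyway so that no
// character in the value can terminate the attribute or the tag.
function form_action_safe(array $server): string
{
    $action = htmlspecialchars($server['SCRIPT_NAME'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// If a template must keep PHP_SELF (for example to preserve PATH_INFO in a
// routed application), output encoding alone also prevents the injection;
// the extra path is then rendered as inert text inside the attribute.
function form_action_encoded_self(array $server): string
{
    $action = htmlspecialchars($server['PHP_SELF'], ENT_QUOTES, 'UTF-8');
    return '<form action="' . $action . '" method="post">';
}

// Defender-side check: a script such as admin.php has no legitimate use for
// PATH_INFO, so a non-empty PATH_INFO on such a request is worth logging.
function has_unexpected_path_info(array $server): bool
{
    return isset($server['PATH_INFO']) && $server['PATH_INFO'] !== '';
}

// Constructed request mirroring the advisory's proof of concept: the client
// asked for admin.php followed by extra path text containing markup.
$server = [
    'SCRIPT_NAME' => '/admin.php',
    'PATH_INFO'   => '/"><script>alert(\'xss\')</script>',
];
$server['PHP_SELF'] = $server['SCRIPT_NAME'] . $server['PATH_INFO'];

if (has_unexpected_path_info($server)) {
    error_log('admin.php requested with PATH_INFO: ' . $server['PATH_INFO']);
}

// Vulnerable rendering: the attribute is closed early and the script tag
// becomes live markup in the page.
echo form_action_unsafe($server), "\n";

// Both hardened renderings keep the markup out of the document structure.
echo form_action_safe($server), "\n";
echo form_action_encoded_self($server), "\n";
```

Switching to SCRIPT_NAME removes the attacker-controlled path segment, but encoding on output is the durable fix: it protects every place the value is printed, including pages the advisory did not audit.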