{"id": "PACKETSTORM:52340", "vendorId": null, "type": "packetstorm", "bulletinFamily": "exploit", "title": "vikiboard012.txt", "description": "", "published": "2006-11-20T00:00:00", "modified": "2006-11-20T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "cvss2": {}, "cvss3": {}, "href": "https://packetstormsecurity.com/files/52340/vikiboard012.txt.html", "reporter": "benjamin moss", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2016-11-03T10:28:01", "viewCount": 9, "enchantments": {"score": {"value": -0.4, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.4}, "_state": {"dependencies": 1678912101, "score": 1678911848, "epss": 1678924918}, "_internal": {"score_hash": "71d179e68e9c2cc6753f82bd1f7be6ac"}, "sourceHref": "https://packetstormsecurity.com/files/download/52340/vikiboard012.txt", "sourceData": "`vendor site:http://vikingboard.com/ \nproduct:Vikingboard (0.1.2) \nbug:local file include & multiples permanent xss \nrisk:medium \n \n \n \n \nerror sql : \n/members.php?s=-80 \n \nxss permanent : \n- in private message , an attacker can send a pm to an administrator with some javascript into the subject field an get his cookie stealed \n- in the forum , an attacker can post a topic , with some javascript into the subject field , then when you get in : http://site.com/forum/ \nyou will get your cookie stealed direcly . \nthose xss are a serious security issue for a forum , because they are permanent . \n \nlocal file include : \n \nalso once the attacker have stoolen the cookie , then he will get admin , \nin the administration there's a local file include here : \n/admin.php?act=../../../../../../../../../../../../../../etc/passwd%00 \n \n \n \nlaurent gaffi\u00e9 & benjamin moss\u00e9 \nhttp://s-a-p.ca/ \ncontact: saps.audit@gmail.com \n`\n"}
vikiboard012.txt