Vulners
Lucene search
vikiboard012.txt
`vendor site:http://vikingboard.com/
product:Vikingboard (0.1.2)
bug:local file include & multiples permanent xss
risk:medium
error sql :
/members.php?s=-80
xss permanent :
- in private message , an attacker can send a pm to an administrator with some javascript into the subject field an get his cookie stealed
- in the forum , an attacker can post a topic , with some javascript into the subject field , then when you get in : http://site.com/forum/
you will get your cookie stealed direcly .
those xss are a serious security issue for a forum , because they are permanent .
local file include :
also once the attacker have stoolen the cookie , then he will get admin ,
in the administration there's a local file include here :
/admin.php?act=../../../../../../../../../../../../../../etc/passwd%00
laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: [email protected]
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Nov 2006 00:00Current
7.4High risk
Vulners AI Score7.4