Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:7543
HistoryJan 11, 2005 - 12:00 a.m.

Security Advisory: Woltlab Burning Board Lite formmail.php XSS

2005-01-1100:00:00
vulners.com
9
JSON

Advisory Information

Advisory name : Woltlab Burning Board Lite formmail.php XSS
Discovered by : drhankey / it-security23.net
Vendor Name : Woltlab
Vendor Homepage : http://www.woltlab.de
Software : Woltlab Burning Board Lite
Vulnerability Type : Cross-Site-Scripting
Vulnerable Versions : 1.0.0, 1.0.1e, maybe more
Platforms : OS Independent, PHP

What is Woltlab Burning Board Lite?

Woltlab Burning Board Lite is the free version of the Woltlab Burning Board,
a PHP based bulletin board

Vulnerability Description:

formmail.php outputs the "userid"-parameter unfiltered, so its possible to add arbitary Code to the output
by using a malformed link.
The Board also allows logging in with stolen cookies.

Proof of Concept:

http://website/board/formmail.php?userid=1"><script>document.location.href="http://www.it-security23.net";</script
x="y

JSON