Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12182
HistoryApr 12, 2006 - 12:00 a.m.

Tritanium Bulletin Board 1.2.3 - XSS

2006-04-1200:00:00
vulners.com
14
JSON

Tritanium Bulletin Board 1.2.3 - XSS Vulnerabilities

Software: Tritanium Bulletin Board 1.2.3
Version: 1.2.3
Type: Cross Site Scripting Vulnerability
Date: Die Apr 11 21:57:50 CEST 2006
Vendor: tritanium
Page: http://www.tritanium-scripts.com/
Risc: Low

credits:

d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/

vulnerability:

register_globals On

http://[target]/index.php?faction=register&newuser_name=[XSS]
http://[target]/index.php?faction=register&newuser_email=[XSS]
http://[target]/index.php?faction=register&newuser_hp=[XSS]

solution:

register.php
line 26-33 : better validating

notes:

The vendor has been informed.

googledork:

"2001/2002 Tritanium Scripts"

JSON