-= ASP Discussion Forum Like the one on FreeVBCode.com =-
Omnipresent
June 01, 2006
XSS Exploit
ASP Discussion Forum Like the one on FreeVBCode.com
http://www.freevbcode.com/ShowCode.Asp?ID=864
Author: Intelligent Solutions Inc. (Featured Developer)
Category: ASP, HTML, and XML
Type: Applications
Difficulty: Advanced
The application is vulnerable to an XSS attack in its Search function.
In forum_search.asp, the search variable passed by default.asp is not properly sanitized before being used, so an attacker can
carry out an XSS attack.
If an attacker puts this code:
<script>alert("XSS Attack")</script>
in the Search Forum field (the search variable), you get the message "XSS Attack".
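One way to close this hole, shown as an added example that is not the forum's own code: the advisory does not include the source of forum_search.asp, so the rendering lines, the form markup and MAX_SEARCH_LEN below are assumptions; only the file name and the search variable come from the advisory. Server.HTMLEncode is the built-in Classic ASP encoder.

```asp
<%@ Language="VBScript" %>
<%
Option Explicit

' Hypothetical limit; the advisory does not state one.
Const MAX_SEARCH_LEN = 100

' Read the search term sent by default.asp. Request("search") looks in
' QueryString first, then Form, so GET and POST submissions are both covered.
Function GetSearchTerm()
    Dim s
    s = Trim(Request("search") & "")   ' & "" turns a missing value into ""
    If Len(s) > MAX_SEARCH_LEN Then s = Left(s, MAX_SEARCH_LEN)
    GetSearchTerm = s
End Function

Dim rawSearch, safeSearch
rawSearch = GetSearchTerm()

' Encode at the point of output. <, >, & and " become entities, so
' <script>alert("XSS Attack")</script> is displayed as text, not executed.
safeSearch = Server.HTMLEncode(rawSearch)
%>
<html>
<body>
<%
' Vulnerable pattern (assumed): the value is echoed back as-is.
'   Response.Write "Results for: " & Request("search")

' Hardened, HTML body context.
Response.Write "<p>Results for: " & safeSearch & "</p>"
%>
<%
' Hardened, attribute context. The attribute must stay double-quoted:
' HTMLEncode escapes the double quote but not the single quote.
%>
<form action="forum_search.asp" method="post">
  <input type="text" name="search" value="<%= safeSearch %>">
</form>
</body>
</html>
```

Keep rawSearch for the search itself and use safeSearch only where the value is written into the page, so the term is encoded exactly once.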
Not informed!
omnipresent