RANKBOX <= XSS vulnerability

From: spyburn mexico rlz (spy-burn_at_hotmail.com)
Date: 11/07/05

  • Next message: info_at_elcomsoft.com: "Schneier's PasswordSafe password validation flaw" 
    To: pen-test@lists.securityfocus.com, vuln-dev@securityfocus.com, pen-test@securityfocus.com, security-basics@securityfocus.com, nmap-hackers@insecure.org, full-disclosure@lists.grok.org.uk, bugtraq@securityfocus.com
Date: Mon, 07 Nov 2005 13:29:41 -0800

    #####################################################################################
    # #
    # Advisory #1 Title:
            #
    # "RANKBOX <= XSS vulnerability"
            #
    # #
    # Author: spyburn #
    # Contact: spy-burn@hotmail.com #
    # Website: elitemexico.org #
    # Date: 07/11/2005 #
    # Risk: High #
    # Vendor Url: http://chamberofgold.com #
    # Affected Software: RANKBOX
         #
    # Non Affected: #
    # #
    # We Are: ELITE MEXICO #
    #####################################################################################
    ---------------------------------------------------------

    :: Description ::
    script for forums phpbb

    ---------------------------------------------------------
    ####################
    :: Vulnerabilitie ::
    ####################
    - | "xss" | -

    directori afeccted is /index.php?mode=<IMG SRC=http://site.com/image.jpg>
                         /index.php?mode=<script>alert(document.cookie)</script>
    --------------------------------------------------------
    ############
    ::Exploit::
    ############
    no exploit is requiered, the only think you need to do is change your user
    agent

    ----------------------------------------------------------
    #######
    GREETZ
    #######
    Visit: www.elitemexico.org

    greetz: raza mexicana, mexican hackers mafia , cum, fraude, 0o_zeus_o0
    #############################################################

    _________________________________________________________________
    MSN Premium. Protégete, Comunícate y Diviértete
    http://join.msn.com/?pgmarket=es-mx&page=byoa/prem&xAPID=989&DI=233&SU=http://www.t1msn.com.mx/

  • Next message: info_at_elcomsoft.com: "Schneier's PasswordSafe password validation flaw"