Phorum Cross Site Scripting Vulnerability
Date: 2003-04-03

Author : Peter Stöckli <pcs@pcsmedia.net>

Description:
It is possible to insert JavaScript code into a message and have it executed.

1.) go to a phorum
2.) click on new topic
3.) enter any name
4.) enter any email
5.) enter a title like this: "><script>alert("Vulnerable");</script>
6.) enter any text
7.) click the preview button
8.) click the send button on the top of the page

Solution:

Edit the source code to strip malicious characters from the title or escape malicious characters using addslashes().
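
Added example (not part of the original advisory and not Phorum source code): it renders the title from step 5 into a form field three ways and parses each result, comparing the addslashes() call named above with HTML output encoding via htmlspecialchars(), which is swapped in here for comparison. Assumptions: the preview page echoes the title into a double-quoted HTML attribute; the field name "subject" and all function names are hypothetical.

```php
<?php
// Added example, not Phorum source code. Assumption: the preview page echoes
// the submitted title into a double-quoted HTML attribute. The field name
// "subject" and all function names here are hypothetical.

// Title string from step 5 of the advisory.
$title = '"><script>alert("Vulnerable");</script>';

function field_raw(string $t): string {
    return '<input type="hidden" name="subject" value="' . $t . '">';
}

function field_addslashes(string $t): string {
    // addslashes() only puts a backslash before ' " \ and NUL. A backslash
    // is not an escape character in HTML, and < > are left unchanged.
    return '<input type="hidden" name="subject" value="' . addslashes($t) . '">';
}

function field_html_escaped(string $t): string {
    // htmlspecialchars() with ENT_QUOTES encodes & < > " ' as entities, so
    // the title cannot close the attribute or open a new tag.
    $safe = htmlspecialchars($t, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="subject" value="' . $safe . '">';
}

// Parse a fragment with PHP's DOM extension and report how many <script>
// elements exist and what the input's value attribute decodes to.
function inspect_fragment(string $html): array {
    $previous = libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);
    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'value_attribute' => $input ? $input->getAttribute('value') : null,
    ];
}

foreach (['field_raw', 'field_addslashes', 'field_html_escaped'] as $render) {
    $html = $render($title);
    $info = inspect_fragment($html);
    printf("%-20s scripts=%d value=%s\n  %s\n", $render,
        $info['script_elements'], var_export($info['value_attribute'], true), $html);
}
```

Run it with the PHP CLI; it needs the DOM extension.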



 

Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy