
Phorum Cross Site Scripting Vulnerability
Date: 2003-04-03

Author : Peter Stöckli <pcs@pcsmedia.net>

It is possible to insert JavaScript code into a message and have it executed.

1.) go to a phorum
2.) click on new topic
3.) enter any name
4.) enter any email
5.) enter a title like this: "><script>alert
6.) enter any text
7.) click the preview button
8.) click the send button on the top of the page


Edit the source code to strip malicious characters from the title, or escape malicious characters using addslashes().
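
The escaping fix above, as an added example (not Phorum's code or the author's; the `subject` field name and the preview markup are assumptions). addslashes() only puts a backslash before quotes, which HTML does not treat as an escape, so the example renders the title from step 5 both with addslashes() and with htmlspecialchars() output encoding and checks which one keeps it inside the attribute.

```php
<?php
// Added example: not Phorum's code. The "subject" field name and the
// preview markup are assumptions made for illustration.

// Title string taken verbatim from step 5 of the advisory.
$title = '"><script>alert';

// Fix as the advisory words it: addslashes() puts a backslash before quotes.
// HTML has no backslash escape, so the quote still ends the value attribute.
function preview_addslashes(string $title): string
{
    return '<input type="text" name="subject" value="' . addslashes($title) . '">';
}

// Output encoding for an HTML attribute: ", ', <, > and & become entities,
// so the browser treats the whole title as text inside the attribute.
function preview_encoded(string $title): string
{
    $safe = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="subject" value="' . $safe . '">';
}

// Check used below: parse the markup and report whether the title came back
// as the attribute value of a single <input>, with no extra elements created.
function title_stays_in_attribute(string $html, string $title): bool
{
    $doc = new DOMDocument();
    // Collect libxml warnings about the deliberately malformed markup quietly.
    libxml_use_internal_errors(true);
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    $inputs = $doc->getElementsByTagName('input');
    $scripts = $doc->getElementsByTagName('script');
    return $inputs->length === 1
        && $scripts->length === 0
        && $inputs->item(0)->getAttribute('value') === $title;
}

// Render the same title both ways and report which one keeps it contained.
$renderers = ['addslashes' => 'preview_addslashes', 'htmlspecialchars' => 'preview_encoded'];
foreach ($renderers as $name => $render) {
    $html = $render($title);
    $contained = title_stays_in_attribute($html, $title) ? 'yes' : 'no';
    printf("%-17s %s  contained=%s\n", $name, $html, $contained);
}
```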


Copyright © 2016-2017 Security Corporation - All Rights Reserved