Tritanium Bulletin Board 1.2.3 suffers from XSS.
dfef64553d4a11c3c06bed9689775824f90ed34ca7cf338e13fc75d5314265a8Tritanium Bulletin Board 1.2.3 - XSS Vulnerabilities
--------------------------------------------------------
Software: Tritanium Bulletin Board 1.2.3
Version: 1.2.3
Type: Cross Site Scripting Vulnerability
Date: Die Apr 11 21:57:50 CEST 2006
Vendor: tritanium
Page: https://www.tritanium-scripts.com/
Risc: Low
credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
https://d4igoro.blogspot.com/
vulnerability:
----------------------------
register_globals On
https://[target]/index.php?faction=register&newuser_name=[XSS]
https://[target]/index.php?faction=register&newuser_email=[XSS]
https://[target]/index.php?faction=register&newuser_hp=[XSS]
solution:
----------------------------
register.php
line 26-33 : better validating
notes:
----------------------------
The vendor has been informed.
googledork:
----------------------------
"2001/2002 Tritanium Scripts"
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed