Bug: MegaBBS ASP Forum Cross-Site Scripting ( Ascii Version )


MegaBBS ASP Forum Cross-Site Scripting

Published: 2008.01.23
Credit: grossman
Risk: Low
CWE: CWE-79
CVE: CVE-2008-0436
Local: No
Remote: Yes

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

[HSC] MegaBBS ASP Forum Cross-Site Scripting

MegaBBS is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied
input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the
context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch
other attacks.

Hackers Center Security Group (http://www.hackerscenter.com)

Credit: Doz

Class: Input Validation Error

Remote: Yes

Product: MegaBBS ASP Forum Software

Version: v1.5.14b

Vendor: http://www.pd9soft.com/

Attackers can exploit these issues via a web client.

Url: /path/profile-upload/upload.asp?target=code

Example:

/forum/profile-upload/upload.asp?target=<Script>evil</Script>

/megabbs/profile-upload/upload.asp?target=<Script>evil</Script>

Solution: Upgrade to version 2.2
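
To check whether the script named above was requested with markup in the target parameter before the upgrade, web server logs can be reviewed. The following is an added example, not part of the original advisory: it scans IIS W3C-format log lines for requests to profile-upload/upload.asp whose target value, after percent-decoding, is not a plain identifier. The sample log lines, the allowlist pattern and the function names are assumptions made for the illustration.

```python
import re
from urllib.parse import parse_qsl, unquote_plus

# Constructed IIS W3C log excerpt; addresses are documentation-range placeholders.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2008-01-23 10:00:01 GET /forum/profile-upload/upload.asp target=avatar 192.0.2.10 200
2008-01-23 10:00:05 GET /forum/profile-upload/upload.asp target=%3CScript%3Eevil%3C/Script%3E 192.0.2.44 200
2008-01-23 10:00:09 GET /megabbs/profile-upload/upload.asp TARGET=%253Cscript%253Eevil 192.0.2.44 200
2008-01-23 10:00:12 GET /forum/default.asp q=%3Cb%3E 192.0.2.10 200
"""

# The script named in the advisory, under any install directory.
STEM = re.compile(r"/profile-upload/upload\.asp$", re.IGNORECASE)
# Assumption: legitimate target values are short plain identifiers.
SAFE_TARGET = re.compile(r"[A-Za-z0-9_.-]{0,64}")


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so %253C is treated like '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return (client_ip, decoded_target) for upload.asp hits with an unsafe target."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not STEM.search(row.get("cs-uri-stem", "")):
            continue
        for name, value in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            # ASP query-string names are case-insensitive, so match TARGET too.
            if name.lower() == "target" and not SAFE_TARGET.fullmatch(fully_decode(value)):
                hits.append((row.get("c-ip", "-"), fully_decode(value)))
    return hits


if __name__ == "__main__":
    for ip, target in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(target))
```
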

