Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability

2006-05-30 / 2006-05-31

Credit: Mustafa Can Bjorn IPEKCI (nukedx nukedx com)

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-2648

CWE: CWE-79

Ogólna skala CVSS: 2.6/10

Znaczenie: 2.9/10

Łatwość wykorzystania: 4.9/10

Wymagany dostęp: Zdalny

Złożoność ataku: Wysoka

Autoryzacja: Nie wymagana

Wpływ na poufność: Brak

Wpływ na integralność: Częściowy

Wpływ na dostępność: Brak

--Security Report--
Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 27/05/06 04:26 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com [email concealed]
Web: http://www.nukedx.com
}
---
Vendor: ASPBB (www.aspbb.org)
Version: 0.52 and prior versions must be affected.
About: Via this method remote attacker can make malicious links for  
clicking and
when victim clicks this links victim's browser would be inject with XSS.
Level: Harmless
---
How&Example:
GET -> http://[site]/perform_search.asp?search=">[XSS]
EXAMPLE ->  
http://[site]/perform_search.asp?search="><script>alert('X');</script>
---
Timeline:
* 27/05/2006: Vulnerability found.
* 27/05/2006: Contacted with vendor and waiting reply.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.