Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web :: Servers :: fsnetfws.txt

File-Sharing for NET v1.5 and Forums Web Server v1.5 JS/HTML Code Inject

Advisories: JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5
Author: nimber []
Date: 10/06/2003
Vendor: <>
Version: 1.5 (and older versions?) 
Shareware :)
Mini-description [for File-Sharing for NET v1.5]:
"File Sharing for net is a complete, secure web server that shares your business documents 

and files over the web: remote users only need browsers to view your files. Share, transfer 

files securely with colleagues."
Mini-description [for Forums Web Server v1.5]:
"WebForums Server allows you to setup a bulletin board and photo/file exchange web service. 

It offers a built in HTTP engine, internal database engine, integrated HTML/Script pages, 

user management interface, message board engine and a secure file Upload/Download option. 

It is without a doubt the easiest and complet all in one Forum Server software you have 

seen." [The information from a site <>]

These two products, from one vendors, use the similar built - in forum (BBS). 
I think, that Forums Web Server v1.5 is the easy version of the program File-Sharing for 

I have found vulnerability in the built - in forum of both programs. 
In the program File-Sharing for NET v1.5, at addition of the new message there is no 

filtration entered given in fields "Subject:" and "Your message:". It enables inserts any 

JS/HTML of a code.
For example:

<script> alert (document.cookie); </script>

In the program Forums Web Server v1.5, there is no filtration only in a field "Subject:", 

in a field "Your message:" the symbol < is replaced on "<".


For contacts:
icq: 132614
e-mail: <>
Home Page:

Greets: ZeT,euronymous,JLx and all my friends.
Hi to teams: zud team,, RusH Team, m00 security,,LWTeam, F0K Project,Free-Crew.

p.s> Sorry for my bad english ;)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH