
BetaBoard Cross Site Scripting vulnerability




//----- Advisory


Program          : BetaBoard
Homepage         : http://gonzo.uni-weimar.de/~scheffl2/betaboard/
Tested version   : 0.1
Found by         : Simon MOREL 
This advisory    : Simon MOREL 
Discovery date   : 2006/04/16



//----- Application description


BetaBoard is a small German forum in which the thread list is displayed as an indented tree.



//----- Description of vulnerability


Malicious JavaScript code can be inserted into a user's profile.



//----- Proof Of Concept






//----- Impact


Every user reading the evil guy's profile can have his cookie stolen.
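
A defensive sketch of the mitigation for the issue described above, added here as an example; it is not BetaBoard's code and not part of the original advisory. The field names (name, homepage, signature), the cookie name sid and the sample values are assumptions, since the advisory does not name the affected profile fields.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Only absolute http(s) links may end up in an href attribute.
SAFE_SCHEMES = {"http", "https"}

def safe_href(url):
    """Return the URL only if it is an absolute http(s) link, else '#'."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme.lower() in SAFE_SCHEMES and parts.netloc:
        return url
    return "#"

def render_profile(profile):
    """Render a profile fragment, HTML-encoding every user-supplied value."""
    # Hypothetical field names; encode at output time, for the HTML context.
    name = html.escape(profile.get("name", ""), quote=True)
    sig = html.escape(profile.get("signature", ""), quote=True)
    href = html.escape(safe_href(profile.get("homepage", "")), quote=True)
    return (
        f'<div class="profile"><h2>{name}</h2>'
        f'<a href="{href}" rel="nofollow noopener">homepage</a>'
        f"<p>{sig}</p></div>"
    )

def session_cookie(session_id):
    """Build a Set-Cookie value that page scripts cannot read (HttpOnly)."""
    c = SimpleCookie()
    c["sid"] = session_id          # hypothetical cookie name
    c["sid"]["httponly"] = True    # hidden from document.cookie
    c["sid"]["secure"] = True      # sent over HTTPS only
    c["sid"]["samesite"] = "Lax"
    c["sid"]["path"] = "/"
    return c["sid"].OutputString()

# Constructed sample input: markup placed in profile fields.
SAMPLE = {
    "name": "<script>alert(1)</script>",
    "homepage": "javascript:alert(1)",
    "signature": '"><img src=x onerror=alert(1)>',
}

if __name__ == "__main__":
    print(render_profile(SAMPLE))
    print(session_cookie("constructed-session-id"))
```

Output encoding removes the script execution itself; the HttpOnly flag limits the cookie-theft impact if an encoding step is ever missed.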



//----- Credits


Simon MOREL 
http://www.sysdream.com 



//----- Greetings


Celelibi for his English ;>
