Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: bt820.txt

aspBoard XSS Vulnerability

ZH2003-14SA (security advisory): aspBoard XSS Vulnerability

Published: 5 august 2003

Released: 5 august 2003

Name: aspBoard

Affected Systems: 1.2

Issue: Remote attackers can inject XSS script





Zone-h Security Team has discovered a flaw in 

aspBoard 1.2 (and older versions?). aspBoard is a

"Message Board Component for ASP Internet Applications".




The posting procedure needs: Your Name, Your Email, Your

URL, a subject and your message. It's possible to inject

XSS script in the url variable.

For example try this:

Your Name: John Doe

Your Email:

Your URL: <script>alert('Zone-h')</script>

Subject: Hi

Your Message: Zone-h Security Team



The vendor has been contacted and a patch is not yet produced



Filter the script

G00db0y - admin

Original advisory here:

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH