Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: etc :: tb11707.htm

UseBB 1.0.x Cross Site Scripting (XSS)



UseBB 1.0.x Cross Site Scripting (XSS)
UseBB 1.0.x Cross Site Scripting (XSS)



#############################################################
#	Script...............: UseBB version: 1.0.7	    #
#	Script Site..........: http://www.usebb.net	 # 
#	Vulnerability........: Cross Site Scripting (XSS)   #
#	Acces................: Remote			    #
#	level................: Dangerous		    #
#	Author...............: S4mi			    #
#	Contact..............: s4mi[at]LinuxMail.org	    #
#############################################################

The affected Files :
===================/UseBB/install/upgrade-0-2-3.php
/UseBB/install/upgrade-0-3.php
/UseBB/install/upgrade-0-4.php

vuln Code: line ~ 86
====================[code]
return '

'; [/code] The variables PHP_SELF is used without filtering PoC : Solution : =================== filtre the PHP_SELF or you know what's the best lool : Delete the Install directory :D Shoutz : ===================Simo64, DrackaNz, Iss4m, Coder212, HarDose, r0_0t, ddx39, E.chark, Nuck3r ....... & all Others


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH