TUCoPS :: Web BBS :: etc :: b06-1545.htm

Tritanium Bulletin Board 1.2.3 - XSS
Tritanium Bulletin Board 1.2.3 - XSS
Tritanium Bulletin Board 1.2.3 - XSS


Tritanium Bulletin Board 1.2.3 - XSS Vulnerabilities
--------------------------------------------------------
Software: Tritanium Bulletin Board 1.2.3
Version: 1.2.3
Type: Cross Site Scripting Vulnerability
Date: Die Apr 11 21:57:50 CEST 2006
Vendor: tritanium
Page: http://www.tritanium-scripts.com/ 
Risc: Low

credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/ 

vulnerability:
----------------------------
register_globals On

http://[target]/index.php?faction=register&newuser_name=[XSS] 
http://[target]/index.php?faction=register&newuser_email=[XSS] 
http://[target]/index.php?faction=register&newuser_hp=[XSS] 

solution:
----------------------------
register.php
line 26-33 : better validating

notes:
----------------------------
The vendor has been informed.

googledork:
----------------------------
"2001/2002 Tritanium Scripts"

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH