TUCoPS :: Web BBS :: Frequently Exploited :: b06-1086.htm

Xss in Wbb 2.3.4
Xss in Wbb 2.3.4
Xss in Wbb 2.3.4


hi again friends
i discovered a xss in wbb again ;)
in
wbb/acp/lib/class_db_mysql.php

in the 123.line

$errormsg .= "Script: ".getenv("REQUEST_URI")."\n
";

hmm what can we do with that?
if there is an sql db error you may do 

/wbb/xx.php? 

or you may use filebase mod for make an sql error

like that 

http://www.wbbsite.com/filebase_redirect.php?fid=' 

WwW.SpyMasterSnake.org 
Tontonq ;)

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH