TUCoPS :: Web :: Specific Sites :: b06-3055.htm

Boardhost.com - XSS
Boardhost.com - XSS
Boardhost.com - XSS


Boardhost.com =0D
=0D
Description:=0D
=0D
Free Msgboard hosting service.=0D
=0D
Homepage:=0D
http://www.Boardhost.com=0D 
=0D
Affected files=0D
Input boxes of posting a message=0D
Searching for a listing board=0D
=0D
-------------------------------------------------=0D
=0D
XSS vuln with cookie disclosure when posting a msg (Tested on boardhost.com's test msg board and a members board):=0D
=0D
Boardhost doesn't properly filter user input before generating it. For PoC (Works on members with free account) try putting:=0D
=0D
=0D
=0D
Now, to bypass the filters for Members with paying accounts, its pretty easy. You'll notice they have paying accounts if their boards let you post links and images =0D
=0D
with your post. For a PoC there, in the Message:, or links input boxes just put http:// before your javascript.=0D
=0D
http:// SRC="javascript:alert('XSS');">=0D 
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/boardhost1.jpg=0D 
http://www.youfucktard.com/xsp/boardhost2.jpg=0D 
http://www.youfucktard.com/xsp/boardhost3.jpg=0D 
http://www.youfucktard.com/xsp/boardhost4.jpg

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH