TUCoPS :: Web BBS :: etc :: tb11707.htm

UseBB 1.0.x Cross Site Scripting (XSS)
UseBB 1.0.x Cross Site Scripting (XSS)
UseBB 1.0.x Cross Site Scripting (XSS)


#############################################################
#	Script...............: UseBB version: 1.0.7	    #
#	Script Site..........: http://www.usebb.net	 # 
#	Vulnerability........: Cross Site Scripting (XSS)   #
#	Acces................: Remote			    #
#	level................: Dangerous		    #
#	Author...............: S4mi			    #
#	Contact..............: s4mi[at]LinuxMail.org	    #
#############################################################

The affected Files :
===================/UseBB/install/upgrade-0-2-3.php
/UseBB/install/upgrade-0-3.php
/UseBB/install/upgrade-0-4.php

vuln Code: line ~ 86
====================[code]
return '
';
[/code]

The variables PHP_SELF is used without filtering

PoC :
 
 
 

Solution :
===================
filtre the PHP_SELF
or you know what's the best lool : Delete the Install directory :D

Shoutz :
===================Simo64, DrackaNz, Iss4m, Coder212, HarDose, r0_0t, ddx39, E.chark, Nuck3r ....... & all Others

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH