Tritanium Bulletin Board 1.2.3 - XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Tritanium Bulletin Board 1.2.3 - XSS
From: d4igoro@xxxxxxxxx
Date: 11 Apr 2006 20:26:06 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Tritanium Bulletin Board 1.2.3 - XSS Vulnerabilities
--------------------------------------------------------
Software: Tritanium Bulletin Board 1.2.3
Version: 1.2.3
Type: Cross Site Scripting Vulnerability
Date: Die Apr 11 21:57:50 CEST 2006
Vendor: tritanium
Page: http://www.tritanium-scripts.com/
Risc: Low

credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/

vulnerability:
----------------------------
register_globals On

http://[target]/index.php?faction=register&newuser_name=[XSS]
http://[target]/index.php?faction=register&newuser_email=[XSS]
http://[target]/index.php?faction=register&newuser_hp=[XSS]

solution:
----------------------------
register.php
line 26-33 : better validating

notes:
----------------------------
The vendor has been informed.

googledork:
----------------------------
"2001/2002 Tritanium Scripts"

Prev by Date: Manila <= 9.5 - XSS Vulnerabilities
Next by Date: [eVuln] VNews Multiple Vulnerabilities
Previous by thread: Manila <= 9.5 - XSS Vulnerabilities
Next by thread: [eVuln] VNews Multiple Vulnerabilities
Index(es):
- Date
- Thread