<<< Date Index >>>     <<< Thread Index >>>

Boardhost.com - XSS



Boardhost.com 

Description:

Free Msgboard hosting service.

Homepage:
http://www.Boardhost.com

Affected files
Input boxes of posting a message
Searching for a listing board

-------------------------------------------------

XSS vuln with cookie disclosure when posting a msg (Tested on boardhost.com's 
test msg board and a members board):

Boardhost doesn't properly filter user input before generating it. For PoC 
(Works on members with free account) try putting:

<IMG SRC="javascript:alert('XSS');">

Now, to bypass the filters for Members with paying accounts, its pretty easy. 
You'll notice they have paying accounts if their boards let you post links and 
images 

with your post. For a PoC there, in the Message:, or links input boxes just put 
http:// before your javascript.

http://<IMG SRC="javascript:alert('XSS');">

Screenshots:
http://www.youfucktard.com/xsp/boardhost1.jpg
http://www.youfucktard.com/xsp/boardhost2.jpg
http://www.youfucktard.com/xsp/boardhost3.jpg
http://www.youfucktard.com/xsp/boardhost4.jpg