Categories

Applications (222)
Blogs (7)
Content Management (148)
Customer Relationship (2)
Discussion Boards (29)
E-Commerce (14)
General Purpose Directories (2)
Image Galleries (18)
Mailing Lists (1)
Tips (3)
Vulnerabilities (337)
Access Bypass (50)
Cross Site Scripting (123)
Denial Of Service (2)
File Inclusion (51)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (16)
Session Hijacking (2)
SQL Injection (130)
« Indexu Multiple XSS
WordPress “demo” XSS »

Snitz Forum 2000 Script Insertion Vulnerability

Published by CS Lee March 9th, 2007 in Content Management and Cross Site Scripting.

Application: Snitz Forum 2000
Version: 3.4.06 or below
Vendors URL: http://forum.snitz.com/
Bug Type: Cross Site Scripting(XSS)
Risk: High

Solution:
- Edit the source code(pop_profile.asp) to ensure that input is properly sanitised
- Grant only trusted users access to the application
- Currently waiting for the bugs fix from respected vendor
- http://forum.snitz.com/forum/forum.asp?FORUM_ID=118

Subscribe

Latest

Archives



Valid XHTML 1.0 Transitional