# Ultra Light Forum Persistent XSS Vulnerability
# By cr4wl3r http://bastardlabs.info
# http://bastardlabs.info/advisories/?id=86
# Script: http://sourceforge.net/projects/ultralightforum/files/
# Tested: Win 7

Description :
Ultra Light Forum is developed in PHP and MySQL as a standalone forum with high speed and high user-friendliness.
Users can create and delete topics, and can reply to others' topics.
The forum also comes with polls, where users can vote. To know more, try UL Forum.

Proof of Concept :
Choose profile settings, and fill the message box with 
Then update your profile.
When any user views your profile, the script will be executed.
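
Mitigation sketch for the issue above, where stored profile text is written into the profile page without output encoding. This is an added example, not code from Ultra Light Forum or from the advisory; the function names, the 500-byte limit and the sample string are assumptions.

```php
<?php
declare(strict_types=1);

const MAX_MESSAGE_BYTES = 500; // assumed limit, not taken from the forum

/** Validate on save: reject invalid UTF-8 and oversize input, store the text unmodified. */
function validate_profile_message(string $raw): ?string
{
    if (preg_match('//u', $raw) !== 1 || strlen($raw) > MAX_MESSAGE_BYTES) {
        return null;
    }
    return $raw;
}

/** Vulnerable pattern: stored text is concatenated into the page as-is. */
function render_profile_unsafe(string $stored): string
{
    return '<div class="profile-message">' . $stored . '</div>';
}

/** Hardened pattern: encode for the HTML context at output time, on every view. */
function render_profile_safe(string $stored): string
{
    $encoded = htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    // nl2br runs after encoding, so the only tags in the output are the ones added here.
    return '<div class="profile-message">' . nl2br($encoded, false) . '</div>';
}

// Constructed sample input: harmless markup standing in for user-supplied HTML.
$sample = "<b title=\"q\">hi</b> & 'bye'";
$stored = validate_profile_message($sample);
if ($stored === null) {
    exit("message rejected\n");
}

echo render_profile_unsafe($stored), PHP_EOL; // markup is interpreted by the viewer's browser
echo render_profile_safe($stored), PHP_EOL;   // markup is displayed as literal text
```

Encoding at render time rather than at save time also covers profile messages that were stored before the fix was deployed.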
