Tritanium Bulletin Board 1.2.3 - XSS Vulnerabilities -------------------------------------------------------- Software: Tritanium Bulletin Board 1.2.3 Version: 1.2.3 Type: Cross Site Scripting Vulnerability Date: Die Apr 11 21:57:50 CEST 2006 Vendor: tritanium Page: http://www.tritanium-scripts.com/ Risc: Low credits: ---------------------------- d4igoro - d4igoro[at]gmail[dot]com http://d4igoro.blogspot.com/ vulnerability: ---------------------------- register_globals On http://[target]/index.php?faction=register&newuser_name=[XSS] http://[target]/index.php?faction=register&newuser_email=[XSS] http://[target]/index.php?faction=register&newuser_hp=[XSS] solution: ---------------------------- register.php line 26-33 : better validating notes: ---------------------------- The vendor has been informed. googledork: ---------------------------- "2001/2002 Tritanium Scripts"