Discuz! NT forum: XSS attacks caused by lax filtering of variables in multiple files

Source: Internet
Author: User

Security technical team: Bugging Security Team [B.S.T]
Official Address: http://bugging.com.cn
Affected Versions:
Powered by Discuz! NT, versions earlier than 2.6
Program introduction:
Discuz! NT is a community forum product from Kangsheng Chuangxiang (Beijing) Technology Co., Ltd., built on the ASP.NET platform and the .NET Framework. By default it uses SQL Server, and it also supports other databases such as Access and MySQL. It runs on IIS5, IIS6, and IIS7, and is described as safe, efficient, stable, and easy to use. It makes full use of ASP.NET features, and supports free skin switching and data conversion from multiple other forums.

Vulnerability Analysis:
In Discuz! NT, files such as usercpspacemanagealbum.aspx and usercpspacephotoadd.aspx do not properly filter albumtitle and several other variables passed by the user (this applies only to installations with the photo album plug-in). In the personal settings, usercpprofile.aspx does not properly filter the user-supplied realname and idcard. This vulnerability can cause XSS attacks. It can be used to mount Trojans and steal sensitive website information!

Vulnerability exploitation:
Register a user and go to the album management page.
In album management, use the option in the lower right corner to create a new album. The album name accepts HTML code.
http://52cmd.cn/usercpspacemanagealbum.aspx
http://52cmd.cn/usercpspacemanagealbum.aspx?albumid=-1

In addition, several title and description fields are affected.
In the personal settings, the real name and ID card number fields are affected.
http://52cmd.cn/usercpprofile.aspx


Solution:
No official notice yet. Please wait for the official patch.
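
An added example (not Discuz! NT code and not part of the original advisory) of the handling the analysis describes as missing for albumtitle, realname and idcard: validation on input and HTML encoding on output. The class and method names, the 50-character limit and the ID number format are assumptions.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

// Added example; ProfileFieldGuard and its members are hypothetical names.
public static class ProfileFieldGuard
{
    // Assumption: idcard is a mainland China resident ID number,
    // 15 digits (old format) or 17 digits plus a digit or X check character.
    private static readonly Regex IdCardPattern =
        new Regex(@"\A(?:[0-9]{15}|[0-9]{17}[0-9Xx])\z", RegexOptions.CultureInvariant);

    // Assumed upper bound for free-text fields such as albumtitle and realname.
    private const int MaxTextLength = 50;

    // Input side: an ID number either matches the allow-list pattern or is rejected.
    public static bool IsValidIdCard(string value)
    {
        return value != null && IdCardPattern.IsMatch(value);
    }

    // Input side: strip control characters and trim; reject empty or overlong values.
    public static bool TryCleanText(string value, out string cleaned)
    {
        cleaned = Regex.Replace(value ?? string.Empty, @"\p{Cc}", string.Empty).Trim();
        return cleaned.Length > 0 && cleaned.Length <= MaxTextLength;
    }

    // Output side: encode on every write into an HTML page, even for values
    // that passed input checks, so stored markup is rendered as text.
    public static string ForHtml(string stored)
    {
        return WebUtility.HtmlEncode(stored ?? string.Empty);
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the advisory.
        string albumtitle = "<b>Holiday</b> \"2008\" & friends";
        string cleaned;
        if (TryCleanText(albumtitle, out cleaned))
            Console.WriteLine(ForHtml(cleaned));   // markup is shown as literal text

        Console.WriteLine(IsValidIdCard("<i>123</i>"));          // rejected
        Console.WriteLine(IsValidIdCard("11010519491231002X"));  // accepted (constructed)
    }
}
```

Encoding at output is the control that stops the stored value from being interpreted as markup; the input checks only reduce what reaches storage.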

 
