GulfTech Computers strives to beat the price(s) of any other business around.
Check with us first as it just may save you some time and money. And who doesn't want to
save money? Please contact us with any questions or inquiries.
Latest GulfTech Releases
SubScan v1.2 Scans a domain for DNS records and SubDomains. Very stealthy, and can be used
to find many hosts not on the public netblock. A very interesting tool to say the least.
Works on both Nix and Windows based systems. Get it now!
Phorum is a web based message board written in PHP. Phorum is designed with high-availability
and visitor ease of use in mind. Features such as mailing list integration, easy customization
and simple installation make Phorum a powerful add-in to any website.
Phorum have pached a good number of XSS (Cross Site Scripting) issues in the past, but there is
still some work to be done regarding these issues before the final release of Phorum Version 5.
The first issue I am going to talk about lies in "login.php" If you look at the HTML source code
you should see two hidden variables. One called "f" which specifies the forum id, and one called
"target" which specifies the location to take the user after they login. Unfortunately both of
these values are taken directly from the value of HTTP_REFERER without any validation. While there
is a global script in forum that checks for the <script> tag, it will allow for pretty much any
allowed. This same vulnerability also exists in "register.php" And while not the exact same, a
similar problem to these two exists in "profile.php" also. Below are some examples.