Open Bulletin Board javascript bug.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: bugtraq@securityfocus.com
Subject: Open Bulletin Board javascript bug.
From: skizzik@imail.ru
Date: Mon, 25 Feb 2002 20:13:18 +0300
In-reply-to: <.iD6VJLPQh16WL2@aport2000.ru>
References: <.iD6VJLPQh16WL2@aport2000.ru>

   OpenBB is free php-based forum.  

   Exploit:
   [img]javasCript:alert('Hello world.')[/img]

   Vulnerable systems:
   All versions of Open Bulletin Board including 
v.1.0.0 

   Immune systems:
   None

   Solution:
   All url's in [img] tags should start  
with "http://"; 

                                     Yurij Rumiantsev

References:
- XMB cross-scripting vulnerability
  - From: skizzik

Prev by Date: Re: CheckPoint FW1 HTTP Security Hole
Next by Date: Re: Remote crashes in Yahoo messenger
Previous by thread: XMB cross-scripting vulnerability
Next by thread: Greymatter 1.21c and earlier - remote login/pass exposure
Index(es):
- Date
- Thread

[Index of Archives] [Linux Security] [Netfilter] [PHP] [Yosemite News] [Linux Kernel]

Powered by Linux