Snitz Forums 2000, another free bulletin board software is also vulnerable. -----Original Message----- From: godminus [mailto:godminus@owns.com] Sent: Tuesday, February 26, 2002 1:24 PM To: bugtraq@securityfocus.org Subject: Re: Open Bulletin Board javascript bug. > OpenBB is free php-based forum. > > Exploit: > [img]javasCript:alert('Hello world.')[/img] > > Vulnerable systems: > All versions of Open Bulletin Board including > v.1.0.0 > > Immune systems: > None > > Solution: > All url's in [img] tags should start > with "http://"; > > Yurij Rumiantsev Ikonboard version 3.0.1 is vulnerable for the same bug -- godminus
