E107 + IPB XSS Exploit
memo Works on e107 and IPB "maybe others like xoops not yet tested"
An XSS vulnerability allowed users to inject code
When posting a html attachment
tested succesfully on ipb 1.0.3 all the vers should be vuln
tested on e107 6.*
Patch none yet,
workround. disalow .html as upload
----------------------------------
<html>
<body>
<script>alert('VULN');</script>
</body>
</html>
----------------------------------
*/ To test if you vunreable save the "SCRIPT ABOVE" code int oa .html file and add as an attachment in a post /*
