Re: Open Bulletin Board javascript bug.

From: godminus (godminus@owns.com)
Date: 02/26/02


Date: Tue, 26 Feb 2002 20:24:29 +0200
From: godminus <godminus@owns.com>
To: bugtraq@securityfocus.org


> OpenBB is a free PHP-based forum.
>
> Exploit:
> [img]javasCript:alert('Hello world.')[/img]
>
> Vulnerable systems:
> All versions of Open Bulletin Board including
> v.1.0.0
>
> Immune systems:
> None
>
> Solution:
> All URLs in [img] tags should start
> with "http://"
>
> Yurij Rumiantsev

Ikonboard version 3.0.1 is vulnerable to the same bug.

 -- godminus
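
The "Solution" quoted above, written as an allow-list check and shown beside a case-sensitive block-list, which the mixed-case scheme in the quoted report passes. This is an added example, not code from OpenBB, Ikonboard or either poster; the function names are hypothetical, and accepting https:// as well as http:// is an assumption.

```php
<?php
// Added example: hypothetical helpers, not OpenBB or Ikonboard code.

// Weak form, for comparison: a case-sensitive block-list.
function blocklist_allows(string $url): bool
{
    return strpos($url, 'javascript:') === false;
}

// Allow-list form of the quoted "Solution": the URL must start with http://
// (also accepting https:// is an assumption beyond the original post).
function is_allowed_img_url(string $url): bool
{
    // No whitespace or control characters anywhere; \z forbids a trailing newline.
    return preg_match('#^https?://[^\s\x00-\x1f\x7f]+\z#i', $url) === 1;
}

// Render a post: escape everything, then turn accepted [img] tags into <img>.
function render_post(string $post): string
{
    // Escaping first means quotes and angle brackets in a URL are already
    // entities by the time the URL is placed inside src="...".
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            return is_allowed_img_url($m[1])
                ? '<img src="' . $m[1] . '" alt="">'
                : $m[0]; // rejected tag stays as inert, escaped text
        },
        $escaped
    );
}

// Constructed sample posts: one benign URL and the string from the report.
$samples = [
    "[img]http://example.com/a.png[/img]",
    "[img]javasCript:alert('Hello world.')[/img]",
];
foreach ($samples as $post) {
    $url = substr($post, 5, -6); // strip "[img]" and "[/img]"
    echo "block-list allows: ", var_export(blocklist_allows($url), true), "\n";
    echo "allow-list allows: ", var_export(is_allowed_img_url($url), true), "\n";
    echo render_post($post), "\n\n";
}
```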