ReBB javascripts vulnerability

From: skizzikat_private
Date: Mon Mar 04 2002 - 07:44:33 PST

Next message: securityat_private: "Security Update: [CSSA-2002-SCO.7] OpenServer: multiple vulnerabilities in squid"

Previous message: Andrew Church: "Re: the dangers of disclosing vulnerabilities when the guilty party is ignorant of industry standards"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

  Hi!

    Another php - board named ReBB 
(http://www.rebb.net) has a [img] vulnerability. 
   
  Exploit:
    Use this string (my favorite :)) - 
[img]javascript:alert('test')[/img]

  Possible decision:    
    All urls in [img] tag should start with http://

                                SliderGod

Next message: securityat_private: "Security Update: [CSSA-2002-SCO.7] OpenServer: multiple vulnerabilities in squid"
Previous message: Andrew Church: "Re: the dangers of disclosing vulnerabilities when the guilty party is ignorant of industry standards"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 13:08:59 PST