[IMG] tag vulnerability in vBulletin

From: frog frog (leseulfrogat_private)
Date: Fri Mar 22 2002 - 14:56:43 PST

Next message: Jason Giglio: "secureinc.com Vulnerability"

Previous message: John Percival: "Re: memberlist.php of vBulletin"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) product : vbulletin versions : 2.2.2, 2.2.0 , maybe others. Probleme : One knows that if one sendings this code in private message : [IMG]javascript:alert('hum');[/IMG] a space will be placed between "java" and "script". This filter can be by-passed : [IMG]javascript:alert('hop');[/IMG] More details in french : http://www.ifrance.com/kitetoua/tuto/vBulletin.txt Translated by google : http://translate.google.com/translate?u=http%3A% 2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto% 2FvBulletin.txt&langpair=fr%7Cen&hl=fr&prev=% 2Flanguage_tools frog-m@n

Next message: Jason Giglio: "secureinc.com Vulnerability"
Previous message: John Percival: "Re: memberlist.php of vBulletin"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Mar 25 2002 - 20:27:30 PST