SECURITY.NNOV: ikonboard 3.1.1 CSS

From: 3APA3A (3APA3Aat_private)
Date: Fri Oct 04 2002 - 07:48:00 PDT

Next message: Makoto Shiotsuki: "WinXP Pro(Gold) Insecure System Restore File Permissions"

Previous message: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: Predefined Restriction Tables Allow Calls to International Operator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Dear bugtraq@,

  Ikonboard  CSS bug via [IMG] tag was reported long time ago for 3.0.x.

  The  only  change  in  Ikonboard  3.1.1  (at  least on sending private
  messages)  is  it  checks  URL  extension  to  be  .gif  or  .jpg,  so
  [IMG]javascript:alert(document.cookie).gif[/IMG]      still      works
  perfectly....

  Sorry if it was already reported, I didn't bothered to check it.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)

Next message: Makoto Shiotsuki: "WinXP Pro(Gold) Insecure System Restore File Permissions"
Previous message: Cisco Systems Product Security Incident Response Team: "Cisco Security Advisory: Predefined Restriction Tables Allow Calls to International Operator"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 10:18:39 PDT