Splatt Forum html injection code in post icon

From: Lethalman (lethalmanat_private)
Date: Tue Jul 15 2003 - 08:53:40 PDT

Next message: Dan Harkless: "CALEA electonic wiretapping on unsecured Solaris boxes"

Previous message: t4at_private: "FIXED: MacOSX - crash screensaver locked with password and get thedesktop back"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) Any user can inject html code when create a new post. The bug are in the post icon: <img src="icon.gif" etc.> If you create a personalized form with this code: icon.gif"><script>alert('bug');<script><any tag=" the final code of the post icon is: <img src="icon.gif"><script>alert('bug');<script><any tag="" etc.> The exploit form is here: http://members.fortunecity.it/lethalman2002/bugs/splatt.html by Lethal Lab (Lethalman)

Next message: Dan Harkless: "CALEA electonic wiretapping on unsecured Solaris boxes"
Previous message: t4at_private: "FIXED: MacOSX - crash screensaver locked with password and get thedesktop back"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Jul 15 2003 - 14:04:21 PDT