Home page logo
/

bugtraq logo Bugtraq mailing list archives

SECURITY.NNOV: ikonboard 3.1.1 CSS
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 4 Oct 2002 18:48:00 +0400

Dear bugtraq@,

  Ikonboard  CSS bug via [IMG] tag was reported long time ago for 3.0.x.

  The  only  change  in  Ikonboard  3.1.1  (at  least on sending private
  messages)  is  it  checks  URL  extension  to  be  .gif  or  .jpg,  so
  [IMG]javascript:alert(document.cookie).gif[/IMG]      still      works
  perfectly....

  Sorry if it was already reported, I didn't bothered to check it.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]