[24402] in bugtraq

Open Bulletin Board javascript bug.

daemon@ATHENA.MIT.EDU (skizzik@imail.ru)
Mon Feb 25 16:11:03 2002

Content-Type: text/plain; charset="koi8-r"
Content-Disposition: inline
Content-Transfer-Encoding: 7BIT
MIME-Version: 1.0
Message-Id: <glFthcN6-.jooTS@aport2000.ru>
From: skizzik@imail.ru
Date: Mon, 25 Feb 2002 20:13:18 +0300
To: bugtraq@securityfocus.com
In-Reply-To: <.iD6VJLPQh16WL2@aport2000.ru>

   OpenBB is a free PHP-based forum.

   Exploit:
   [img]javasCript:alert('Hello world.')[/img]

   Vulnerable systems:
   All versions of Open Bulletin Board including v.1.0.0

   Immune systems:
   None

   Solution:
   All URLs in [img] tags should start with "http://"

                                     Yurij Rumiantsev  
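
The scheme check proposed under "Solution", as an added example that is not part of the original post and is not OpenBB's own code. The function names are hypothetical, and accepting "https://" alongside "http://" is an assumption beyond the advisory's wording.

```php
<?php
// Added example, not OpenBB code. Function names are hypothetical.

// Return true only for absolute http:// URLs (https:// is also accepted,
// which is an assumption beyond the advisory's wording).
function is_safe_img_url(string $url): bool
{
    // Reject control characters, whitespace, quotes and angle brackets outright.
    if (preg_match('/[\x00-\x20\x7f"\'<>`]/', $url)) {
        return false;
    }
    // Allowlist the scheme (case-insensitive); a host character must follow.
    return preg_match('#^https?://[a-z0-9]#i', $url) === 1;
}

function render_img_tags(string $text): string
{
    // Escape the whole post first so user text can never contribute markup.
    $escaped = htmlspecialchars($text, ENT_QUOTES, 'UTF-8');

    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        function (array $m): string {
            // Validate the original (unescaped) value, emit the escaped one.
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            if (!is_safe_img_url($url)) {
                return $m[0]; // leave the tag as inert, already-escaped text
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    );
}

// Constructed sample posts: the string from the advisory, a normal image,
// and a URL with a leading space (rejected rather than trimmed).
$samples = [
    "[img]javasCript:alert('Hello world.')[/img]",
    "[img]http://example.com/a.png[/img]",
    "[img] http://example.com/a.png[/img]",
];
foreach ($samples as $s) {
    echo render_img_tags($s), "\n";
}
```

Because the check is an allowlist on the scheme, it does not depend on how a script URL is capitalised or spelled.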
