[24524] in bugtraq


ReBB javascripts vulnerability

daemon@ATHENA.MIT.EDU (skizzik@imail.ru)
Mon Mar 4 16:09:27 2002

Content-Type: text/plain; charset="koi8-r"
Content-Disposition: inline
Content-Transfer-Encoding: 7BIT
MIME-Version: 1.0
Message-Id: <-KW47lrf7zd_5Wg@aport2000.ru>
From: skizzik@imail.ru
Date: Mon, 04 Mar 2002 18:44:33 +0300
To: bugtraq@securityfocus.com

  Hi!

    Another PHP board named ReBB (http://www.rebb.net) has an [img] vulnerability.
   
  Exploit:
    Use this string (my favorite :)) - 
[img]javascript:alert('test')[/img]

  Possible decision:    
    All URLs in the [img] tag should start with http://

                                SliderGod
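
An added example, not part of the original post and not ReBB's code: a Python sketch of the fix suggested above, rendering [img] tags only when the URL passes a scheme allowlist and HTML-escaping everything else. The function names, the inclusion of https alongside http, and the sample posts are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption: the post names http:// only; https is allowed here as well.
ALLOWED_SCHEMES = {"http", "https"}
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)


def is_safe_img_url(url: str) -> bool:
    """Allowlist check: absolute http(s) URL with a host, no whitespace or control chars."""
    if any(ch.isspace() or ord(ch) < 0x20 for ch in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed authority, e.g. an unclosed IPv6 bracket
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_bbcode_img(post: str) -> str:
    """Escape the whole post; only validated [img] tags become <img> elements."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(post):
        out.append(html.escape(post[pos:m.start()]))
        url = m.group(1)
        if is_safe_img_url(url):
            # Escaping the URL keeps quotes inside it from closing the src attribute.
            out.append('<img src="%s" alt="">' % html.escape(url, quote=True))
        else:
            # Rejected tags are shown as inert text instead of being rendered.
            out.append(html.escape(m.group(0)))
        pos = m.end()
    out.append(html.escape(post[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample posts; the first is the string from the advisory.
    for sample in ("[img]javascript:alert('test')[/img]",
                   "[img]http://example.com/a.png[/img]",
                   '[img]http://example.com/a"b.png[/img]'):
        print(render_bbcode_img(sample))
```

The prefix check alone is not sufficient if the accepted URL is written into the page unescaped, which is why the sketch escapes the URL before placing it in the src attribute.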
  
