[24828] in bugtraq
[IMG] tag vulnerability in vBulletin
daemon@ATHENA.MIT.EDU (frog frog)
Mon Mar 25 23:35:09 2002
Date: 22 Mar 2002 22:56:43 -0000
Message-ID: <20020322225643.18770.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: frog frog <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com
product :
vbulletin
versions :
2.2.2, 2.2.0 , maybe others.
Probleme :
One knows that if one sendings this code in private
message :
[IMG]javascript:alert('hum');[/IMG]
a space will be placed between "java" and "script".
This filter can be by-passed :
[IMG]javascript:alert('hop');[/IMG]
More details in french :
http://www.ifrance.com/kitetoua/tuto/vBulletin.txt
Translated by google :
http://translate.google.com/translate?u=http%3A%
2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%
2FvBulletin.txt&langpair=fr%7Cen&hl=fr&prev=%
2Flanguage_tools
frog-m@n
