[27302] in bugtraq


SECURITY.NNOV: ikonboard 3.1.1 CSS

daemon@ATHENA.MIT.EDU (3APA3A)
Fri Oct 4 13:26:24 2002

Date: Fri, 4 Oct 2002 18:48:00 +0400
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Reply-To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Message-ID: <192-1535633745.20021004184800@SECURITY.NNOV.RU>
To: bugtraq@securityfocus.com, bugtraq@SECURITY.NNOV.RU
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Dear bugtraq@,

  The Ikonboard CSS bug via the [IMG] tag was reported a long time ago for 3.0.x.

  The only change in Ikonboard 3.1.1 (at least on sending private
  messages) is that it checks the URL extension to be .gif or .jpg, so
  [IMG]javascript:alert(document.cookie).gif[/IMG] still works
  perfectly....

  Sorry if it was already reported, I didn't bother to check it.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)
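
Added example, not part of the original post and not Ikonboard's own code: a Python comparison of an extension-only check like the one the post describes with validation that parses the URL and allowlists its scheme before rendering. The function names, the http/https allowlist and the example.com URLs are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}   # assumption: only web-hosted images are wanted
ALLOWED_EXTS = (".gif", ".jpg")       # the two extensions named in the post


def weak_check(url):
    """Model of the check described in the post: the extension is all that counts."""
    return url.lower().endswith(ALLOWED_EXTS)


def safe_img_url(url):
    """Return url if it is an absolute http(s) URL to a .gif/.jpg, else None."""
    # Whitespace and control characters have no place in an image URL;
    # refuse them outright instead of trying to normalise.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return None
    try:
        parts = urlsplit(url)
    except ValueError:                # e.g. malformed IPv6 literal in the host
        return None
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    if not parts.path.lower().endswith(ALLOWED_EXTS):
        return None
    return url


def render_img(url):
    """Render [IMG]url[/IMG]; a rejected URL is emitted as inert escaped text."""
    checked = safe_img_url(url)
    if checked is None:
        return html.escape("[IMG]" + url + "[/IMG]", quote=True)
    return '<img src="%s" alt="">' % html.escape(checked, quote=True)


# Constructed sample inputs; the first is the string quoted in the post.
SAMPLES = [
    "javascript:alert(document.cookie).gif",
    "http://example.com/avatar.gif",
    "ftp://example.com/avatar.jpg",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "weak:", weak_check(s), "strict:", safe_img_url(s) is not None)
```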

