[27328] in bugtraq
Re: SECURITY.NNOV: ikonboard 3.1.1 CSS
daemon@ATHENA.MIT.EDU (Rajkumar S.)
Mon Oct 7 16:39:12 2002
Date: Fri, 4 Oct 2002 23:59:09 +0530 (IST)
From: "Rajkumar S." <listuser@myrealbox.com>
To: 3APA3A <3APA3A@SECURITY.NNOV.RU>
In-Reply-To: <192-1535633745.20021004184800@SECURITY.NNOV.RU>
Message-ID: <Pine.LNX.4.33.0210042357440.2212-100000@swathi.lanscape.co.in>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Fri, 4 Oct 2002, 3APA3A wrote:
> The only change in Ikonboard 3.1.1 (at least on sending private
> messages) is it checks URL extension to be .gif or .jpg, so
> [IMG]javascript:alert(document.cookie).gif[/IMG] still works
> perfectly....
Not working for me, IconBoard 3.1.1
Error message is
Sorry, dynamic pages in the [IMG] tags are not allowed
raj
