Computer Security



From: 3APA3A <3APA3A_(at)_security.nnov.ru>
Date: 04.10.2002
Subject: SECURITY.NNOV: ikonboard 3.1.1 CSS

Dear [email protected],

 Ikonboard CSS bug via [IMG] tag was reported a long time ago for 3.0.x.

 The only change in Ikonboard 3.1.1 (at least on sending private
 messages) is that it checks the URL extension to be .gif or .jpg, so
 [IMG]javascript:alert(document.cookie).gif[/IMG] still works
 perfectly....

 Sorry if it was already reported, I didn't bother to check it.

--
http://www.security.nnov.ru
        /\_/\
       { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                   |/
You know my name - look up my number (The Beatles)
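
The following is an added example, not part of the original message and not Ikonboard's own code: it contrasts the extension-only test the advisory describes with a stricter [IMG] URL check that allow-lists the scheme before looking at the extension. It is written in Python for illustration; all function names and sample URLs other than the one quoted in the message are constructed.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}      # assumption: only remote web images
ALLOWED_EXTENSIONS = (".gif", ".jpg")    # the two extensions named in the advisory


def extension_only_check(url: str) -> bool:
    """The check as the advisory describes it: only the suffix is tested."""
    return url.lower().endswith(ALLOWED_EXTENSIONS)


def strict_img_url_check(url: str) -> bool:
    """Allow-list the scheme, require a host, test the extension on the path."""
    # Reject whitespace and control characters outright instead of normalising.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return False
    # Reject characters that could break out of the src="..." attribute.
    if any(c in url for c in "\"'<>`"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.hostname:
        return False
    # The extension must be on the path, not in the query string or fragment.
    return parts.path.lower().endswith(ALLOWED_EXTENSIONS)


def audit(urls):
    """Return (url, extension_only_result, strict_result) for each input."""
    return [(u, extension_only_check(u), strict_img_url_check(u)) for u in urls]


# Constructed sample inputs; the first is the string quoted in the message.
SAMPLES = [
    "javascript:alert(document.cookie).gif",
    "http://example.org/avatar.gif",
    "https://example.org/img/logo.JPG",
    "http://example.org/page.php?x=.gif",
    "//example.org/avatar.gif",
]

if __name__ == "__main__":
    for url, weak, strict in audit(SAMPLES):
        print(f"{url!r:45} extension-only={weak!s:5} strict={strict}")
```

A URL that passes the strict check still has to be HTML-escaped when it is written into the generated `<img>` tag.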

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod