Bugtraq mailing list archives

Open Bulletin Board javascript bug.

From: skizzik () imail ru
Date: Mon, 25 Feb 2002 20:13:18 +0300

   OpenBB is free php-based forum.  

   Exploit:
   [img]javasCript:alert('Hello world.')[/img]

   Vulnerable systems:
   All versions of Open Bulletin Board including 
v.1.0.0 

   Immune systems:
   None

   Solution:
   All url's in [img] tags should start  
with "http://"; 

                                     Yurij Rumiantsev

Current thread:

XMB cross-scripting vulnerability skizzik (Feb 23)
- Open Bulletin Board javascript bug. skizzik (Feb 25)