Bugtraq mailing list archives

SECURITY.NNOV: ikonboard 3.1.1 CSS

From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 4 Oct 2002 18:48:00 +0400

Dear bugtraq@,

  Ikonboard  CSS bug via [IMG] tag was reported long time ago for 3.0.x.

  The  only  change  in  Ikonboard  3.1.1  (at  least on sending private
  messages)  is  it  checks  URL  extension  to  be  .gif  or  .jpg,  so
  [IMG]javascript:alert(document.cookie).gif[/IMG]      still      works
  perfectly....

  Sorry if it was already reported, I didn't bothered to check it.

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)

Current thread:

SECURITY.NNOV: ikonboard 3.1.1 CSS 3APA3A (Oct 04)
- Re: SECURITY.NNOV: ikonboard 3.1.1 CSS Rajkumar S. (Oct 07)