Bugtraq mailing list archives
SECURITY.NNOV: ikonboard 3.1.1 CSS
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Fri, 4 Oct 2002 18:48:00 +0400
Dear bugtraq@, Ikonboard CSS bug via [IMG] tag was reported long time ago for 3.0.x. The only change in Ikonboard 3.1.1 (at least on sending private messages) is it checks URL extension to be .gif or .jpg, so [IMG]javascript:alert(document.cookie).gif[/IMG] still works perfectly.... Sorry if it was already reported, I didn't bothered to check it. -- http://www.security.nnov.ru /\_/\ { , . } |\ +--oQQo->{ ^ }<-----+ \ | ZARAZA U 3APA3A } +-------------o66o--+ / |/ You know my name - look up my number (The Beatles)
Current thread:
- SECURITY.NNOV: ikonboard 3.1.1 CSS 3APA3A (Oct 04)
- Re: SECURITY.NNOV: ikonboard 3.1.1 CSS Rajkumar S. (Oct 07)