Bugtraq mailing list archives

Re: SECURITY.NNOV: ikonboard 3.1.1 CSS

From: "Rajkumar S." <listuser () myrealbox com>
Date: Fri, 4 Oct 2002 23:59:09 +0530 (IST)

On Fri, 4 Oct 2002, 3APA3A wrote:

  The only change in Ikonboard 3.1.1 (at least on sending private
  messages)  is  it  checks  URL  extension  to  be  .gif  or  .jpg,  so
  [IMG]javascript:alert(document.cookie).gif[/IMG]      still      works
  perfectly....


Not working for me, IconBoard 3.1.1

Error message is
Sorry, dynamic pages in the [IMG] tags are not allowed

raj

Current thread:

SECURITY.NNOV: ikonboard 3.1.1 CSS 3APA3A (Oct 04)
- Re: SECURITY.NNOV: ikonboard 3.1.1 CSS Rajkumar S. (Oct 07)