Bugtraq mailing list archives
E107 + IPB XSS Exploit
From: edward11 () postmaster co uk
Date: 8 Aug 2005 11:45:36 -0000
E107 + IPB XSS Exploit memo Works on e107 and IPB "maybe others like xoops not yet tested" An XSS vulnerability allowed users to inject code When posting a html attachment tested succesfully on ipb 1.0.3 all the vers should be vuln tested on e107 6.* Patch none yet, workround. disalow .html as upload ---------------------------------- <html> <body> <script>alert('VULN');</script> </body> </html> ---------------------------------- */ To test if you vunreable save the "SCRIPT ABOVE" code int oa .html file and add as an attachment in a post /*
Current thread:
- E107 + IPB XSS Exploit edward11 (Aug 08)