UBB Vuln

["lok lok" <itslok () hotmail com>]

well, i contacted infopop with this but they haven't fixed it yet..

the prob is that IE will convert "(" or "&#40" (without the semi-colon) 
to "("...

this allows you to do pretty much anything you like on any ubb (probably any 
bulletin board) you like..

the way i use it is:

[url=null"onMouseDown="alert&#40document.c&#111okie);"]click[/url]

the event onMouseDown isn't banned, neither is OnFocus, onMouseOut, and many 
many others that i haven' bothered looking up.

so you can steal the cookie, etc, etc, whatever you like.

So far infopop have just said they are fixing it yet infopop.com is STILL 
vulnerable at the time of writing this.

it doesn't however work on 6.2 in IMG TAGS, this is because any image with a 
" in it will be spaced out..

why they haven't done this in the URL tags is beyond me...,

and for fun and games you can play around with the "style='beep:blah';" all 
you like as well...

_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com