Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Open Bulletin Board javascript bug.

From: "Justin" <jwgolihew () cs millersville edu>
Date: Tue, 26 Feb 2002 21:05:07 -0500
Snitz Forums 2000, another free bulletin board software is also vulnerable.

-----Original Message-----
From: godminus [mailto:godminus () owns com]
Sent: Tuesday, February 26, 2002 1:24 PM
To: bugtraq () securityfocus org
Subject: Re: Open Bulletin Board javascript bug.



  OpenBB is free php-based forum.  

  Exploit:
  [img]javasCript:alert('Hello world.')[/img]

  Vulnerable systems:
  All versions of Open Bulletin Board including 
  v.1.0.0 

 Immune systems:
  None

  Solution:
  All url's in [img] tags should start  
  with "http://"; 

                                   Yurij Rumiantsev  


Ikonboard version 3.0.1 is vulnerable for the same bug

 -- godminus
Previous By Date Next
Previous By Thread Next

Current thread: