From: 3APA3A (3APA3A_at_SECURITY.NNOV.RU)
Date: Fri Oct 04 2002 - 09:48:00 CDT

    Dear bugtraq,

      Ikonboard CSS bug via [IMG] tag was reported a long time ago for 3.0.x.

      The only change in Ikonboard 3.1.1 (at least on sending private
      messages) is that it checks the URL extension to be .gif or .jpg, so
      [IMG]javascript:alert(document.cookie).gif[/IMG] still works
      perfectly....

      Sorry if it was already reported, I didn't bother to check it.

    -- 
    http://www.security.nnov.ru
             /\_/\
            { , . }     |\
    +--oQQo->{ ^ }<-----+ \
    |  ZARAZA  U  3APA3A   }
    +-------------o66o--+ /
                        |/
    You know my name - look up my number (The Beatles)
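
The filtering gap described in the message above, shown as an added example that is not part of the original post and is not Ikonboard's code: an extension-only check next to a check that also allow-lists the URL scheme and requires a host. The function names, the regular expression and the `forum.example` URL are assumptions made for illustration.

```python
import re
from html import escape
from urllib.parse import urlsplit

IMG_TAG = re.compile(r"\[IMG\](.*?)\[/IMG\]", re.IGNORECASE | re.DOTALL)
ALLOWED_EXT = (".gif", ".jpg")
ALLOWED_SCHEMES = {"http", "https"}


def extension_only_ok(url):
    """The check the post describes: only the URL's extension is tested."""
    return url.lower().endswith(ALLOWED_EXT)


def strict_ok(url):
    """Allow-list the scheme, require a host, then test the path's extension."""
    # Reject whitespace and control characters, which browsers may strip
    # from inside a scheme name before interpreting the URL.
    if re.search(r"[\x00-\x20\x7f]", url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return False
    return parts.path.lower().endswith(ALLOWED_EXT)


def render(post, check):
    """Turn each [IMG] tag into <img> if check() accepts the URL, else escaped text."""
    def repl(match):
        url = match.group(1)
        if check(url):
            return '<img src="%s">' % escape(url, quote=True)
        return escape(match.group(0), quote=True)
    return IMG_TAG.sub(repl, post)


# Constructed sample inputs; the first is the string quoted in the post.
SAMPLES = [
    "[IMG]javascript:alert(document.cookie).gif[/IMG]",
    "[IMG]http://forum.example/avatars/cat.gif[/IMG]",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("extension only:", render(sample, extension_only_ok))
        print("scheme + host :", render(sample, strict_ok))
```
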