lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 8 Aug 2005 11:45:36 -0000 From: edward11@...tmaster.co.uk To: bugtraq@...urityfocus.com Subject: E107 + IPB XSS Exploit E107 + IPB XSS Exploit memo Works on e107 and IPB "maybe others like xoops not yet tested" An XSS vulnerability allowed users to inject code When posting a html attachment tested succesfully on ipb 1.0.3 all the vers should be vuln tested on e107 6.* Patch none yet, workround. disalow .html as upload ---------------------------------- <html> <body> <script>alert('VULN');</script> </body> </html> ---------------------------------- */ To test if you vunreable save the "SCRIPT ABOVE" code int oa .html file and add as an attachment in a post /*