Exploit Snitz Forums 2000 3.0/3.1/3.3 - Image Tag Cross-Agent Scripting

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21308
Проверка EDB
  1. Пройдено
Автор
JUSTIN
Тип уязвимости
WEBAPPS
Платформа
ASP
CVE
cve-2002-0329
Дата публикации
2002-02-27
Код:
source: https://www.securityfocus.com/bid/4192/info

Snitz Forums 2000 is ASP-based web forum software. It runs on Microsoft Windows operating systems.

Snitz Forums 2000 allows users to include images in forum messages using image tags, with the following syntax:

[img]url of image[/img]

It is possible to inject arbitrary script code into forum messages via these image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials. 


[img]javasCript:alert('Hello world.')[/img]
 
Источник
www.exploit-db.com

Похожие темы