Exploit PostBoard 2.0 - BBCode IMG Tag Script Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21401
Проверка EDB
  1. Пройдено
Автор
GCSB
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2002-0535
Дата публикации
2002-04-19
Код:
source: https://www.securityfocus.com/bid/4559/info

PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems.

PostBoard does not sanitize code submitted to site between IMG tags. Due to this, a malicious user may be able to submit a post to the site with script code between two IMG tags. 

The following code is proof of concept:

[IMG]javascript:alert('give me cookies');[/IMG]
 
Источник
www.exploit-db.com

Похожие темы