Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: bt638.txt

Splatt Forum html injection code in post icon

Any user can inject html code when create a new post.

The bug are in the post icon:

<img src="icon.gif" etc.>

If you create a personalized form with this code:



the final code of the post icon is:



tag="" etc.>

The exploit form is here:

by Lethal Lab (Lethalman)

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH