Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web BBS :: etc :: web5137.htm

XMB cross-scripting vulnerability



25th Feb 2002 [SBWID-5137]
COMMAND

	XMB cross-scripting vulnerability

SYSTEMS AFFECTED

	 All versions of XMB board, including  last version -

	 XMB 1.6x Magic Lantern

	

PROBLEM

	SliderGod posted :
	

	XMB is a php-based forum. This product contain a  Cross  Site  Scripting
	vulnerability that allows  attackers  to  insert  JavaScript  code  (and
	other  HTML  code)  into  existing  messages,  bypassing  the   internal
	JavaScript/HTML code stripper.
	

	 Exploit :

	 =======

	

	[img]javasCript:alert(\'Hello world.\')[/img]

	

SOLUTION

	Searching the image URL for the text \"javascript:\"  should  solve  the
	problem


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH