Lucene search

K

ReBB 1.0 - Image Tag Cross-Agent Scripting

๐Ÿ—“๏ธย 04 Mar 2002ย 00:00:00Reported byย skizzikTypeย 
exploitdb
ย exploitdb
๐Ÿ”—ย www.exploit-db.com๐Ÿ‘ย 16ย Views

ReBB 1.0 allows image tag injection, enabling arbitrary script code execution and credential theft.

Show more
Code
source: https://www.securityfocus.com/bid/4220/info

ReBB is web forum software which will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. It is written in PHP and may be back-ended by a number of databases.

ReBB allows users to include images in forum messages using image tags, with the following syntax:

[img]url of image[/img]

It is possible to inject arbitrary script code into forum messages via these image tags. Script code will be executed in the browser of the user viewing the forum message, in the context of the website running the vulnerable software. This may allow an attacker to steal cookie-based authentication credentials. 

[img]javascript:alert('test')[/img] 

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
04 Mar 2002 00:00Current
7.4High risk
Vulners AI Score7.4
16
.json
Report