PostBoard 2.0 BBCode IMG Tag Script Injection Vulnerability

2002-04-19T00:00:00
ID EDB-ID:21401
Type exploitdb
Reporter gcsb
Modified 2002-04-19T00:00:00

Description

PostBoard 2.0 BBCode IMG Tag Script Injection Vulnerability. CVE-2002-0535. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/4559/info

PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems.

PostBoard does not sanitize code submitted to site between IMG tags. Due to this, a malicious user may be able to submit a post to the site with script code between two IMG tags. 

The following code is proof of concept:

[IMG]javascript:alert('give me cookies');[/IMG]