Splatt Forum 3.0 Image Tag HTML Injection Vulneraility

2002-06-06T00:00:00
ID EDB-ID:21514
Type exploitdb
Reporter MegaHz
Modified 2002-06-06T00:00:00

Description

Splatt Forum 3.0 Image Tag HTML Injection Vulneraility. CVE-2002-0959. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/4953/info

Splatt Forum does not filter HTML from image tags. This may allow an attacker to inject arbitrary script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message, in the context of the website running Splatt Forum.

This may potentially be exploited to hijack web content or steal cookie-based authentication credentials from legitimate users. 

[img]http://a.a/a"onerror="javascript:alert(document.cookie)[/img]