fusetalk.xss.txt

fusetalk.xss.txt: Posted Oct 24, 2004; Authored by Matthew Oyer; Fusetalk forum 4.0 is susceptible to a cross site scripting flaw due to a lack of filtering img tags.; tags | advisory, xss; SHA-256 | 3b0b5404dc37639becf8449caf160752b3e9c099234ddd50b7d3b04cacc83cc8; Download | Favorite | View

fusetalk.xss.txt

Vendor : fusetalk
URL : http://www.fusetalk.com/
Version: 4.0
Risk : Cross site scripting
 
Description: Fusetalk is a discussion forum solution that provides a
powerful and simple method of web-based collaboration.
 
 
Cross site scripting: The filtering script for the img src= doesnt
filter " if preceeded by a ?. The cross site scripting works because the
<img src=" tag can be closed by a target url with " which then permits
the user to use such oneventhandles as onmouseover.
 
Solution: The easiest way would be to just replace all characters with
their &#xx; equivilant.
 
Credits: Credits goto my loving fiance, you push me todo things i never
thought possible.
 
Exploit: This is exploited by passing a img src with malicious
javascript.
 
Spiffomatic64
Hacking is an art-form

Top Authors In Last 30 Days

Red Hat 295 files
Ubuntu 58 files
Debian 35 files
Gentoo 32 files
LiquidWorm 10 files
Apple 9 files
malvuln 6 files
Adam Gowdiak 4 files
nu11secur1ty 4 files
Ahmet Umit Bayram 4 files

File Archives

Systems

AIX (429)
Apple (2,087)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,042)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,597)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,755)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,493)
UNIX (9,400)
UnixWare (187)
Windows (6,659)
Other

fusetalk.xss.txt

fusetalk.xss.txt

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

fusetalk.xss.txt

Share This

fusetalk.xss.txt

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems