PostBoard 2.0 - BBCode IMG Tag Script Injection
| EKU-ID: 26908 | CVE: CVE-2002-0535;OSVDB-9247 | OSVDB-ID: |
| Author: gcsb | Published: 2002-04-19 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 26908 | CVE: CVE-2002-0535;OSVDB-9247 | OSVDB-ID: |
| Author: gcsb | Published: 2002-04-19 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/4559/info
PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems.
PostBoard does not sanitize code submitted to site between IMG tags. Due to this, a malicious user may be able to submit a post to the site with script code between two IMG tags.
The following code is proof of concept:
[IMG]javascript:alert('give me cookies');[/IMG]