Exploit Database - Logo

Splatt Forum 3.0 - Image Tag HTML Injection

EDB-ID: 21514 Author: MegaHz Published: 2002-06-06
CVE: CVE-2002-0959 Type: Webapps Platform: PHP
Aliases: N/A Advisory/Source: Link Tags: N/A
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/4953/info

Splatt Forum does not filter HTML from image tags. This may allow an attacker to inject arbitrary script code in forum messages. Injected script code will be executed in the browser of an arbitrary web user who views the malicious forum message, in the context of the website running Splatt Forum.

This may potentially be exploited to hijack web content or steal cookie-based authentication credentials from legitimate users. 

[img]http://a.a/a"onerror="javascript:alert(document.cookie)[/img]

Related Exploits

Trying to match CVEs (1): CVE-2002-0959
Trying to match OSVDBs (1): 9233
Other Possible E-DB Search Terms: Splatt Forum 3.0,  Splatt Forum
Date D V Title Author
2003-07-15Download Exploit Code Verified Splatt Forum 3/4 - Post Icon HTML InjectionLethalman
2003-03-12Download Exploit Code Verified PHP-Nuke Splatt Forum 3.2 Module - Full Path DisclosureRynho Zeros...
2003-05-01Download Exploit Code Verified PHP-Nuke Splatt Forum 4.0 Module - Cross-Site ScriptingMorning Wood
2003-05-01Download Exploit Code Verified PHP-Nuke Splatt Forum 4.0 Module - HTML InjectionMorning Wood
Menu