5141
Original poster, posted 2002-07-06 14:13
   XMB is a PHP-based forum. This product contains a
Cross Site Scripting vulnerability that allows
attackers to insert JavaScript code (and other HTML
code) into existing messages, bypassing the internal
JavaScript/HTML code stripper.

   Exploit:

   (img)javasCript:alert('Hello world.')(/img)

   Note: the symbols around img and /img above should be [].

   Vulnerable systems:
   All versions of XMB board, including the last version -
   XMB 1.6x Magic Lantern

   Immune systems:
   None

   Possible solution:
   Searching the image URL for the text "javascript:"
should solve the problem

                                      SliderGod.  

The same problem exists here too.

[Edited - 7/6/02 by 5141]
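
An added example, not part of the original post and not XMB's own code: a Python sketch of the check the advisory proposes for [img] URLs, done as a scheme allowlist after normalisation, next to a case-sensitive substring search that lets the posted string through. All function names and the http/https-only policy are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# Assumption: forum images are only ever loaded over HTTP(S).
ALLOWED_SCHEMES = {"http", "https"}
IMG_TAG = re.compile(r"\[img\](.*?)\[/img\]", re.IGNORECASE | re.DOTALL)
# Control characters and whitespace have no place in an image URL;
# reject them outright instead of guessing how a browser will treat them.
CONTROL_OR_SPACE = re.compile(r"[\x00-\x20\x7f]")


def naive_filter_allows(url):
    """Case-sensitive substring search, shown only for comparison."""
    return "javascript:" not in url


def safe_img_url(raw):
    """Return the URL if its scheme is allowlisted, otherwise None."""
    url = html.unescape(raw).strip()      # undo entity encoding before checking
    if CONTROL_OR_SPACE.search(url):
        return None
    try:
        parts = urlsplit(url)             # the parsed scheme is lower-cased
    except ValueError:
        return None
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return url


def render_bbcode_images(post):
    """HTML-escape the post, then expand only [img] tags with a safe URL."""
    def replace(match):
        url = safe_img_url(match.group(1))
        if url is None:
            return match.group(0)         # stays as inert, already-escaped text
        return '<img src="%s" alt="">' % html.escape(url, quote=True)
    return IMG_TAG.sub(replace, html.escape(post, quote=True))


if __name__ == "__main__":
    posted = "[img]javasCript:alert('Hello world.')[/img]"   # string from the post
    print(naive_filter_allows(posted), render_bbcode_images(posted))
```
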