Announcement

Collapse
No announcement yet.

Possible security issue?

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Reeve of Shinra
    replied
    I think that would be a browser or OS exploit if anything...

    Leave a comment:


  • cujo
    replied
    That's HTML though which is not allowed by default. Since it is an img, I guess it is the same as within [IMG] tags. I am assuming this is some sort of redirect at the destination end like below? Does it even work? I have never tried it.

    ie. Redirect /goodimg.jpg http://www.mybaddomain.com/badscript.exe

    Leave a comment:


  • DigitALL2
    started a topic Possible security issue?

    Possible security issue?

    Hello,
    I have recently read in a blog the following that is applicable to vBulletin.
    -------------------------------------
    The "Executable Image Exploit" lets you insert a dynamic program into any community or forum website that allows references to off-domain images; like MySpace or eBay, rom10x..etc. By uploading the following line of HTML to a community website, <img src="http://www.mydomain.com/executable.jpg"> you can launch a dynamic program that masquerades as a static image and capable of reading and writing cookies, analyzing referrer (and other browser) variables and access databases. It is even possible to create an image the causes a browser to execute JavaScript.
    --------------------------------------
    Is the vBulletin team aware of this information or is it already fixed long time ago?

Related Topics

Collapse

Working...
X