vulnerability

Recommend this page to a friend!

vulnerability

Subject:	vulnerability
Summary:	<js> and [code]xxx[/code]
Messages:	2
Author:	CTAPbIu_MABP
Date:	2006-08-18 13:16:24
Update:	2007-03-13 22:01:00

1. vulnerability

Report abuse

CTAPbIu_MABP - 2006-08-18 13:16:24

Your class is good but have two serious weakness

first one is javascript vulnerability like this

$bbcode->add_tag(array('Name'=>'link','HasParam'=>true,'HtmlBegin'=>'<a href="%%P%%">','HtmlEnd'=>'</a>'));

parse line

[link=http://phpclasses.org/?"<SCRIPT LANGUAGE=JavaScript>alert('lol')</script> alt="]A link[/link]<br />

and you will have a nice alert

and the second is unable to parse some code like [link]http://phpclasses.org/[/link]

PS sorry for my bad english....

2. Re: vulnerability

Report abuse

Dennis - 2007-03-13 22:01:00 - In reply to message 1 from CTAPbIu_MABP

I just tried that, and it didn't work. What does work, though is the following:

[link=javascript:alert("LOL");]Test[/url].