PostBoard 2.0 - BBCode IMG Tag Script Injection

Author: gcsb
type: webapps
platform: php
port: 
date_added: 2002-04-19 
date_updated: 2012-09-19 
verified: 1 
codes: CVE-2002-0535;OSVDB-9247 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/4559/info

PostBoard is a freely available, open source message board module for the PostNuke content management system. It is designed for use on the Unix and Linux operating systems.

PostBoard does not sanitize code submitted to site between IMG tags. Due to this, a malicious user may be able to submit a post to the site with script code between two IMG tags.

The following code is proof of concept:

[IMG]javascript:alert('give me cookies');[/IMG]