Security Vulnerability fix. - Security Fix - ASCII Insertion into Text - Seditio Forge
Author: Kilandor
Submitted by: Kilandor
Date: 2007-10-08 08:25
 
Fix Solution by Kilandor.


Updated: replace the whole function. (It is easier to do it like this.)

Thanks to Orkan for suggesting the eregi_replace.


The fix is included in a text file; otherwise you will not be able to view it correctly.

You can see the fix working in action here.
Below is a modified version of the original posted code (so it redirects only to http://www.seditioforge.com/).
HTML4STRICT Code:


[t=f.jpg[img]onerror=document.write('<frameset cols=100% rows=100% border=0 frameborder=0 framespacing=0><frame frameborder=0 src=http://www.seditioforge.com></frameset>') x=document.jpg[/img]x.jpg]xss.jpg[/t]x=document.jpg[/img]ss.jpg[/t]


And below in ASCII format:
[t=f.jpg[img]onerror=document.writ
e('<frameset cols=
100% rows=100% bord
er=0 frameborder=0
framespacing=0><f
rame frameborder=0
src=http://www.sed
itioforge.com></fra
meset>') x=document.jpg[/img]x.jpg]xss.jpg[/t]x=document.jpg[/img]ss.jpg[/t]

I broke the URL so the page doesn't overflow...


