|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
CrossSite Scripting
Snitz Forums 2000
badwebmastersonline.de
Date: Thu Apr 17 2003 - 13:33:38 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Description:
The BadWord-(Script-)Filter can be tricked by adding the Tab-Char (0x09)
into the script command. This may lead to CrossSite-Scripting.
Exploit:
[img]jav asc ript:alert%28document.cookie%29[/img]
Vendor:
Has been contacted on 15. April.
Patch:
Available at http://int23.online.de/badwebmasters/txt/adv011.txt
greetZ bWM
-----------------------------------------------------
badWebMasters - online security vs. web underground
http://int23.online.de/badwebmasters
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]