From: Jon (jonbreakwindows.com)
Date: Thu Sep 20 2001 - 20:28:28 CDT


    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    ShopAOL, one of America Online's features for buying pretty much anything on
    the internet, is vulnerable to having scripts placed within its URL. Pretty
    standard stuff here, but potentially dangerous.

    An example is below:

    http://shopping.search.aol.com/aol/search?aps_terms=%3ch1%3etypical%20stuff%3c%2fh1%3e%3cscript%3ealert%28%27ATTENTION%20ADMINS%27%29%3b%3c%2fscript%3e&aps_referrer=search

    Other AOL sites, including Hometown and AOL-Search, are apparently not vulnerable.

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.6 (GNU/Linux)
    Comment: For info see http://www.gnupg.org

    iD8DBQE7qpbo8NzIZeC1HLARAq0sAKCBtG7P8H/T7BoFHrXF2okwILI2xwCaA0T4
    UrJphAiCZzfVRENf3pBBe6I=
    =Bn7I
    -----END PGP SIGNATURE-----
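
The reflection described in the post, shown next to the output-encoding fix, as an added example that is not part of the original message or of AOL's code. The URL is the one quoted above; `renderUnsafe` and `renderSafe` are hypothetical stand-ins for the search results page, whose real implementation the post does not show.

```javascript
// URL exactly as quoted in the post.
const REPORTED_URL =
  "http://shopping.search.aol.com/aol/search?aps_terms=%3ch1%3etypical%20stuff%3c%2fh1%3e%3cscript%3ealert%28%27ATTENTION%20ADMINS%27%29%3b%3c%2fscript%3e&aps_referrer=search";

// Extract the percent-decoded search term from the query string.
function searchTerm(url) {
  return new URL(url).searchParams.get("aps_terms") ?? "";
}

// Characters that are significant in HTML text and quoted attribute values.
const HTML_ENTITIES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}

// Assumed vulnerable pattern: the decoded term is concatenated into markup as-is,
// so any tags it carries become part of the page.
function renderUnsafe(term) {
  return `<p>Results for: ${term}</p>`;
}

// Hardened pattern: the term is entity-encoded before it reaches the HTML context,
// so the browser displays it as text instead of parsing it.
function renderSafe(term) {
  return `<p>Results for: ${escapeHtml(term)}</p>`;
}

const term = searchTerm(REPORTED_URL);
console.log("decoded term:", term);
console.log("unsafe      :", renderUnsafe(term));
console.log("safe        :", renderSafe(term));
```

The encoding shown is correct for HTML body text and quoted attributes only; a term echoed into a script block or a URL needs the encoding for that context.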