Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Malicious-HTML vulnerabilities at deja.com
From: dan-bugtraq () DILVISH SPEED NET (Dan Harkless)
Date: Mon, 20 Mar 2000 12:16:25 -0800

Geert Altena <geert () uttnarag tn utwente nl> writes:

Comes out as (copy/paste from netscape):
Forum: alt.test
Thread: </title><script
onLoad="return bar()">
Message 1 of 1

Subject: </title><script src="http://www.in-design.com/~nsmart/foo.js";>
         </script><body onLoad="return bar()">
Date: 03/01/2000
Author: regkey <regkey () yahoo com>

I have javascript enabled, no popup.

Perhaps they fixed the default viewing format, but they didn't fix the "Deja
Classic" interface, which is what I use (as I can't stand the new design).



At least with Netscape Communicator 4.7 (on NT) that definitely makes a

Didn't try the redirection one:

Redirection using meta tag:


but I suspect the same is true there.

Dan Harkless                   | To prevent SPAM contamination, please
dan-bugtraq () dilvish speed net  | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts.  Thank you.

  By Date           By Thread  

Current thread:
  • Re: Malicious-HTML vulnerabilities at deja.com Dan Harkless (Mar 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]