Home page logo
/

bugtraq logo Bugtraq mailing list archives

XSS vulnerability in Mojo Mail Sign-Up Form
From: Daniel Boland <Electrophreak () blueyonder co uk>
Date: 24 Oct 2002 12:57:02 -0000



Heya, this is my first post here so go easy on me plz. I posted about this 
on the Mojo Bug Tracker ages ago and it's just been ignored, and besides, 
Im losing faith in reporting to the vendor, PHP Arena took the credit for 
an XSS bug I found in their paFileDB. But anyway, Mojo Mail doesn't filter 
sign-up requests, here's an example on Mojo's site:

http://mojo.skazat.com/cgi-bin/mojo/mojo.cgi?flavor=subscribe&email=%
3Cscript%3Ealert%28%22XSS%20Vuln.%22%29%3C%2Fscript%
3E&list=skazat_design_newsletter&submit=Submit

I don't know if I'm supposed to say more but it's just XSS, I think that's 
it?
~ElectroPhreak


  By Date           By Thread  

Current thread:
  • XSS vulnerability in Mojo Mail Sign-Up Form Daniel Boland (Oct 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault