Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: XSS in Oracle default fcgi-bin/echo
From: paul.szabo () sydney edu au
Date: Sun, 10 Oct 2010 18:22:24 +1100

psy <root () lordepsylon net> wrote:

... Results of the botnet attack in real time:
http://identi.ca/xsserbot01

That shows things like:
.../fcgi-bin/echo/"><script>alert("2982f3d7aa81b3b64c1dbed10ffb953d")</script>
which is NOT the vulnerability I am talking about (as that seems to have
been fixed, long ago).

Reported: aprox 3.080 websites vulnerables.

Thanks for that info.

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault