Home page logo

fulldisclosure logo Full Disclosure mailing list archives

XSS injection in netadmin's challenge in Dreamhack
From: klondike <klondike () klondike es>
Date: Sat, 24 Nov 2012 12:58:26 +0100


It is possible to make an XSS injection in the netadmin service provided
at https://dreamhack.netadmin.se/ on, at least, the title header.

For this just set the nick as the script to inject and there you go, it
will be copied literally on the title and may also be copied on the

http://i.imgur.com/w4fvg.png is a pic which shows the attack in action.


Attachment: signature.asc
Description: OpenPGP digital signature

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
  • XSS injection in netadmin's challenge in Dreamhack klondike (Nov 24)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]