Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Vulnerability Development: Linkifier Plus executing JS?

Linkifier Plus executing JS?

From: John Richard Moser <nigelenki_at_comcast.net>
Date: Mon, 12 Feb 2007 15:37:46 -0500

I'm using Linkifier Plus[1] and it keeps replacing 'undefined' with
'ftp://ftp.' anywhere it sees it. I am starting to wonder if there's
some way to get it to execute arbitrary Java Script, but I don't know
quite how to try to trick it; I would imagine all one word things like
alert('Luser!') would do it...

Anyway, thought that was interesting. Haven't probed into it deeper.

Linkifier Plus is built off Linkifier and Linkify Plus, so those may
also be affected...

[1] http://userscripts.org/scripts/show/6128 

-- 
    We will enslave their women, eat their children and rape their
    cattle!
             -- Bosc, Evil alien overlord from the fifth dimension
Anti-Spam:  https://bugzilla.mozilla.org/show_bug.cgi?id=229686
Received on Feb 12 2007
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos