Re: [Full-Disclosure] home land tracker software

From: Clint Bodungen (clint_at_secureconsulting.com)
Date: 02/06/04

  • Next message: Stefan Esser: "Re: [Full-Disclosure] Interesting side effect of the new IE patch"
    To: "Logan5" <Logan5@Logan5.com>, <full-disclosure@lists.netsys.com>
    Date: Fri, 6 Feb 2004 16:37:03 -0600
    
    

    You misstyped your syntax... it should be:

    <script>alert('secured!')</script>

    But yes you are right.

    ----- Original Message -----
    From: "Logan5" <Logan5@Logan5.com>
    To: <full-disclosure@lists.netsys.com>
    Sent: Friday, February 06, 2004 3:06 PM
    Subject: RE: [Full-Disclosure] home land tracker software

    > LOL
    >
    > The NAMECHECK dialog is succeptable to XSS. Enter the following into
    > any of the fields:
    >
    > <script>alert('secured!')</alert>
    >
    > -L5
    >

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: Stefan Esser: "Re: [Full-Disclosure] Interesting side effect of the new IE patch"