Full Disclosure mailing list archives
a stupid bug ...that works on mozilla, opera, IE
From: bipin gautam <visitbipin () yahoo com>
Date: Thu, 9 Oct 2003 21:02:02 -0700 (PDT)
--[Description]---
The brouser is letting u compile some-thing inside the
alert function. iT DOES looks dip but for an advance
java script programmer might mean a lot to it.
Well, its should show it anyways without compiling the
script tag as it is inside the quotation. but
surprising, the output is
")
I have successfully, tried this in latest version of
opera and IE 6 and MOZILLA. What do you say???
---[BUG]---
<html>
<body>
<p>THIS IS hUNT3R aka:Bipin Gautam</p>
<script>alert("<script>location.href="http://www.ysgnet.com";</script>")</script>
</body>
</html>
--[Background Information]--
This bug was originally discovered by hUNT3R, a member
of 01 Security Sumbission. The vendor was notified via
email.
http://www.ysgnet.com/hn
__________________________________
Do you Yahoo!?
The New Yahoo! Shopping - with improved product search
http://shopping.yahoo.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Windows Mediaplayer separate vulnerability? Lise Moorveld (Oct 09)
- <Possible follow-ups>
- Fw: Windows Mediaplayer separate vulnerability? http-equiv () excite com (Oct 09)
- a stupid bug ...that works on mozilla, opera, IE bipin gautam (Oct 09)
- Re: a stupid bug ...that works on mozilla, opera, IE Jan Wildeboer (Oct 10)
- a stupid bug ...that works on mozilla, opera, IE bipin gautam (Oct 09)