Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

XSS Vector at www.borussia.de

From: batchwork () arcor de
Date: Fri, 26 May 2006 14:50:46 +0200 (CEST)
VFL Borussia Moenchengladbach is a german soccer club, playing in the major
league.

Take a look at the webpage. Search form looks pretty nice, mh? And it's a lack
of security. Enter the following code and you can steal, if you know how to,
phpBB sessid's:

-
"><script type="text/javascript">alert(document.cookie);</script>
-

Greeting,
Batchwork

--
freemail adverts:

Viel oder wenig? Schnell oder langsam? Unbegrenzt surfen + telefonieren
ohne Zeit- und Volumenbegrenzung? DAS TOP ANGEBOT JETZT bei Arcor: günstig
und schnell mit DSL - das All-Inclusive-Paket für clevere Doppel-Sparer,
nur  44,85 €  inkl. DSL- und ISDN-Grundgebühr!
http://www.arcor.de/rd/emf-dsl-2

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: