Full Disclosure mailing list archives
XSS Vector at www.borussia.de
From: batchwork () arcor de
Date: Fri, 26 May 2006 14:50:46 +0200 (CEST)
VFL Borussia Moenchengladbach is a German soccer club, playing in the major league. Take a look at the webpage. Search form looks pretty nice, mh? And it's a lack of security. Enter the following code and you can steal, if you know how to, phpBB sessid's:

-
"><script type="text/javascript">alert(document.cookie);</script>
-

Greeting,
Batchwork

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
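Added example, not part of the original post and not the site's own code: a search form that echoes the submitted term into a value attribute, first unencoded and then HTML-encoded at output, fed the string from the post. The markup, function names and cookie name are assumptions for illustration.

```javascript
// Hypothetical search page that echoes the submitted term back into the
// form's value attribute. Markup and names are assumptions, not the site's.

// Vulnerable: the term is concatenated into the attribute unencoded, so a
// value starting with "> closes the attribute and the <input> tag.
function renderSearchUnsafe(term) {
  return '<input type="text" name="q" value="' + term + '">';
}

// HTML-encode the five characters that can change the parsing context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same markup, but the term is encoded at the point of output.
function renderSearchSafe(term) {
  return '<input type="text" name="q" value="' + escapeHtml(term) + '">';
}

// Defence in depth: a session cookie marked HttpOnly is not exposed through
// document.cookie, so injected script cannot read it.
function sessionCookieHeader(name, value) {
  return `Set-Cookie: ${name}=${encodeURIComponent(value)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Crude check, used here only to compare the two renderers: does the
// output contain a live <script> start tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// The string from the post, used as the test input.
const reported = '"><script type="text/javascript">alert(document.cookie);</script>';

console.log(renderSearchUnsafe(reported)); // attribute is closed early, script tag is live
console.log(renderSearchSafe(reported));   // whole term stays inside the value attribute
// Cookie name and value below are constructed sample data.
console.log(sessionCookieHeader('session_id', 'constructed-sample-value'));
```

Encoding at output fixes the reflection itself; the HttpOnly flag only limits what a script can read if another injection point is missed.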