Bugtraq mailing list archives
Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv
From: "Steven M. Christey" <coley () mitre org>
Date: Fri, 26 May 2006 01:18:32 -0400 (EDT)
Webmaster at destiney said:
I pasted the following example XSS code into both form fields, and saw no evidence of XSS vulnerabilities:
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
According to the XSS cheat sheet at http://ha.ckers.org/xss.html, STYLE attributes in DIV tags are only effective in the Internet Explorer rendering engine (they worked fine for me in IE but not Mozilla). Were you using IE when you checked these results?
- Steve