Re: Re: micosoft.com xss

["Mad World" <penetrator () home in th>]

Why do you need it ?
You already discovered xss, the rest of "job" is just matter of technique.
I think majority of xss submitters here could do it by various means.
M$ is lost in its own complexity of how to do simple things.

If you could ever give me reasonable answer for why do you need this $hit - I could give you the "rest", like others 
could.

SomeMan

--- thomas.pollet () gmail com wrote:

From: Thomas Pollet <thomas.pollet () gmail com> 
Date: Mon, 7 Aug 2006 21:02:02 +0200

> Hello, 


> I have found that microsoft.com fails to filter html properly on some pages. 


> http://support.microsoft.com/newsgroups/default.aspx?lang=en&cr=US&dg=microsoft.public.ccf&sloc=us&apos;);alert('xss<http://support.microsoft.com/newsgroups/default.aspx?lang=en&cr=US&dg=microsoft.public.ccf&sloc=us%27%29;alert%28%27xss>


> this causes javascript to be executed when a user clicks the help link. 
> Someone knows how to get js executed on page load? 


> greets, 
> Thomas 


_____________________________________________________________
Visit Thailand @ http://www.sawadee.com
Websearch and email: DNSASIA.com ....  FAST!
128k dialup: login.samuinet.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/