Full Disclosure mailing list archives
Re: New Ploblem in Index.cfm
From: Valdis.Kletnieks () vt edu
Date: Wed, 19 Jul 2006 13:48:23 -0400
On Wed, 19 Jul 2006 06:12:49 PDT, saied hackeriran said:

> Critical Level : Dangerous

Only if you've installed whatever package index.cfm is from.

> This matter happens in index.cfm when

What package is this from?

> We want to run some specific functions such as action, event, ... and a hacker can start attacks such as an XSS attack by using simple script or HTML code.
> Exploit:
> Http://www.Site.com/path/index.cfm?action=<script>
> Http://www.Site.com/path/index.cfm?event=<script>
> Http://www.Site.com/path/index.cfm?fuseaction=<script>

*yawn*. For bonus points, do you have a way to get these links to be followed that isn't self-inflicted? These things are *so* much more fun if you can get some lamer to follow the link rather than you typing it in yourself on the address bar....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
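An added example, not part of either post: a log check a site operator could run to see whether requests like the ones quoted above have reached an `index.cfm`, and whether they arrived with a Referer (the "followed versus typed in" distinction raised in the reply). The combined log format, the allow-list pattern for parameter values, and the function names are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Dispatch parameters named in the report.
DISPATCH_PARAMS = {"action", "event", "fuseaction"}
# Assumption: legitimate values are short identifiers such as "home.main".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.\-]{1,64}")
# Assumption: combined log format; only IP, request target and Referer are used.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

def suspicious_params(target):
    """Return (name, decoded value) pairs that fail the allow-list."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/index.cfm"):
        return []
    hits = []
    # parse_qsl percent-decodes, so %3Cscript%3E is checked as <script>.
    for name, value in parse_qsl(parts.query):
        if name.lower() in DISPATCH_PARAMS and not SAFE_VALUE.fullmatch(value):
            hits.append((name.lower(), value))
    return hits

def scan(lines):
    """Yield one finding per log line that carries a rejected value."""
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        hits = suspicious_params(m.group("target"))
        if hits:
            ref = m.group("referer")
            # "-" means no Referer was sent (typed in, or stripped in transit);
            # a Referer on another host hints the link was followed from there.
            yield {"ip": m.group("ip"), "params": hits,
                   "referer": None if ref in ("", "-") else ref}

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [19/Jul/2006:13:00:01 -0400] "GET /path/index.cfm?fuseaction=home.main HTTP/1.1" 200 5120 "-" "UA"',
    '192.0.2.11 - - [19/Jul/2006:13:00:02 -0400] "GET /path/index.cfm?action=%3Cscript%3E HTTP/1.1" 200 5301 "-" "UA"',
    '192.0.2.12 - - [19/Jul/2006:13:00:03 -0400] "GET /path/index.cfm?event=<script> HTTP/1.1" 200 5301 "http://forum.example/t/1" "UA"',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

The Referer is client-supplied and often absent, so treat it as a hint for triage rather than proof of how the request originated.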