XSS @ DHL

["Static Rez" <staticrez () gmail com>]

I know these XSS vulns are kind of easy to find and they usually come off as
"so easy a monkey could do it", but i thought i'd throw this one out
there...

http://track.dhl-usa.com//atrknav.asp?shipmentNumber=
<script>alert('test')</script>

sincerely,
a monkey.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/