Full Disclosure mailing list archives
Re: XSS in Oracle default fcgi-bin/echo
From: paul.szabo () sydney edu au
Date: Sun, 10 Oct 2010 18:22:24 +1100
psy <root () lordepsylon net> wrote:
... Results of the botnet attack in real time: http://identi.ca/xsserbot01
That shows things like:
.../fcgi-bin/echo/"><script>alert("2982f3d7aa81b3b64c1dbed10ffb953d")</script>
which is NOT the vulnerability I am talking about (as that seems to have
been fixed, long ago).
Reported: aprox 3.080 websites vulnerables.
Thanks for that info. Cheers, Paul Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 07)
- Re: XSS in Oracle default fcgi-bin/echo Nahuel Grisolia (Oct 08)
- Re: XSS in Oracle default fcgi-bin/echo psy (Oct 09)
- Re: XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 10)
- Re: XSS in Oracle default fcgi-bin/echo psy (Oct 09)
- <Possible follow-ups>
- Re: XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 13)
- Re: XSS in Oracle default fcgi-bin/echo Thor (Hammer of God) (Oct 13)
- Re: XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 13)
- Re: XSS in Oracle default fcgi-bin/echo Thor (Hammer of God) (Oct 13)
- Re: XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 13)
- Re: XSS in Oracle default fcgi-bin/echo Thor (Hammer of God) (Oct 13)
- Re: XSS in Oracle default fcgi-bin/echo Riyaz Walikar (Oct 17)
- Re: XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 18)
- Re: XSS in Oracle default fcgi-bin/echo Thor (Hammer of God) (Oct 13)
- Re: XSS in Oracle default fcgi-bin/echo Nahuel Grisolia (Oct 08)