Vulnerability Development mailing list archives

New way for Cross Site Scripting on Microsoft IIS4


From: "Admin [iSecureLabs]" <admin () ISECURELABS COM>
Date: Thu, 29 Mar 2001 16:15:51 +0200

Hi all,

I think I have found a new way to exploit the vulnerability "Cross site
scripting" on a Microsoft IIS4.

http://xxx.xxx.xxx.xxx/foo/<script>alert('foo')</script>.stm

This crafted URL will execute the JavaScript on your computer.

  ---
  Cabezon Aurélien
  aurelien.cabezon () iSecureLabs com
  http://www.iSecureLabs.com
  French Security Labs
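
Added example, not part of the original post: a defender-side check that scans W3C extended log lines for requests shaped like the URL above (markup characters in the path of a `.stm` request), including percent-encoded variants. The sample log lines, client addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Characters that should not appear in the path of a request for an .stm file.
MARKUP = re.compile(r"[<>\"']")


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding (%253C -> %3C -> <), with a bounded loop."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines, extensions=(".stm",)):
    """Return [(client_ip, decoded_path)] for requests whose path carries markup."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            # The W3C extended format names its columns in a directive line.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        path = fully_decode(row.get("cs-uri-stem", ""))
        if path.lower().endswith(extensions) and MARKUP.search(path):
            hits.append((row.get("c-ip", "-"), path))
    return hits


# Constructed sample input (not taken from a real server).
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem",
    "2001-03-29 14:15:51 192.0.2.10 GET /foo/<script>alert('foo')</script>.stm",
    "2001-03-29 14:16:02 192.0.2.11 GET /foo/%253Cscript%253Ealert(1)%253C/script%253E.stm",
    "2001-03-29 14:16:09 192.0.2.12 GET /foo/index.stm",
    "2001-03-29 14:16:30 192.0.2.13 GET /foo/o'brien.html",
]

if __name__ == "__main__":
    for ip, path in suspicious_requests(SAMPLE_LOG):
        print(ip, path)
```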



