lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20041115053126.28377.qmail@www.securityfocus.com> Date: 15 Nov 2004 05:31:26 -0000 From: Alex Lanstein <alex.lanstein@...il.com> To: bugtraq@...urityfocus.com Subject: XSS in TheFaceBook round 2 Authors: Alex Lanstein, Ivo Parashkevov Date: November 15, 2004 Affected Software: TheFaceBook - All Versions Software URL: http://www.thefacebook.com TheFaceBook, a popular college networking (social, not technological) tool is vulnerable to many XSS holes in it's search and editing methods. In contact.php, the "New School" field is vulnerable to an XSS attack. No POC needed, just put whatever code you want into the field. Might want to check on that Email field too...I smell another sql attack :-) greets to luthy, pramod, cc summer crew 2003, and of course, gab :-)
Powered by blists - more mailing lists