Message-ID: <50B0B662.2000200@klondike.es>
Date: Sat, 24 Nov 2012 12:58:26 +0100
From: klondike <klondike@...ndike.es>
To: full-disclosure@...ts.grok.org.uk
Subject: XSS injection in netadmin's challenge in Dreamhack

Hi!

It is possible to make an XSS injection in the netadmin service provided
at https://dreamhack.netadmin.se/ on, at least, the title header.

For this just set the nick as the script to inject and there you go, it
will be copied literally on the title and may also be copied on the
achievements.

http://i.imgur.com/w4fvg.png is a pic which shows the attack in action.

Klondike
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
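
Added example, not part of the original post and not the netadmin service's code: the report describes a nick copied literally into the page title and possibly the achievements, so this sketch shows that pattern beside an output-encoded version, with a regression check that a nick never adds markup. The function names, page layout and sample nicks are assumptions constructed for illustration.

```javascript
// Added example: all names and the page layout are assumptions for illustration.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for HTML text or quoted-attribute context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Before: the nick is copied literally into <title> and the achievements list.
function renderProfileUnsafe(nick, achievements) {
  const items = achievements.map((a) => `<li>${nick} earned ${a}</li>`).join('');
  return `<html><head><title>${nick} - challenge</title></head>` +
         `<body><ul>${items}</ul></body></html>`;
}

// After: every place the nick is written encodes it at output time.
function renderProfileSafe(nick, achievements) {
  const n = escapeHtml(nick);
  const items = achievements.map((a) => `<li>${n} earned ${escapeHtml(a)}</li>`).join('');
  return `<html><head><title>${n} - challenge</title></head>` +
         `<body><ul>${items}</ul></body></html>`;
}

// Count element start tags in rendered output.
function countTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

// Regression check: user-controlled text must never change the tag count.
function nickAddsMarkup(render, nick) {
  const baseline = countTags(render('plainnick', ['first login']));
  return countTags(render(nick, ['first login'])) !== baseline;
}

// Constructed sample nicks: a plain one, one carrying markup, one with special characters.
const SAMPLE_NICKS = ['klondike', '</title><script>alert(1)</script>', 'Tom & "Jerry"'];

for (const nick of SAMPLE_NICKS) {
  console.log(JSON.stringify(nick),
    'unsafe adds markup:', nickAddsMarkup(renderProfileUnsafe, nick),
    '| safe adds markup:', nickAddsMarkup(renderProfileSafe, nick));
}
```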