XSS vulnerability in Mojo Mail Sign-Up Form

From: Daniel Boland (Electrophreakat_private)
Date: Thu Oct 24 2002 - 05:57:02 PDT

    Heya, this is my first post here so go easy on me plz. I posted about this 
    on the Mojo Bug Tracker ages ago and it's just been ignored, and besides, 
    I'm losing faith in reporting to the vendor, PHP Arena took the credit for 
    an XSS bug I found in their paFileDB. But anyway, Mojo Mail doesn't filter 
    sign-up requests, here's an example on Mojo's site:
    
    http://mojo.skazat.com/cgi-bin/mojo/mojo.cgi?flavor=subscribe&email=%3Cscript%3Ealert%28%22XSS%20Vuln.%22%29%3C%2Fscript%3E&list=skazat_design_newsletter&submit=Submit
    
    I don't know if I'm supposed to say more but it's just XSS, I think that's 
    it?
    ~ElectroPhreak
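
The following is an added example, not part of the original post and not Mojo Mail's code. It parses the URL from the post, shows a hypothetical handler that reflects the `email` parameter unescaped, and a corrected handler that validates the address and HTML-encodes it before output; the function names, page wording and allow-list pattern are assumptions.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# The URL quoted in the post, rejoined into one string.
POC_URL = (
    "http://mojo.skazat.com/cgi-bin/mojo/mojo.cgi?flavor=subscribe"
    "&email=%3Cscript%3Ealert%28%22XSS%20Vuln.%22%29%3C%2Fscript%3E"
    "&list=skazat_design_newsletter&submit=Submit"
)

# Assumption: a deliberately strict allow-list for addresses, not a full
# RFC 5322 parser. None of <, >, ", ' or & can pass it.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def get_params(url):
    """Percent-decode the query string the way a CGI library would."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {name: values[0] for name, values in query.items()}


def confirm_page_unfiltered(params):
    """Hypothetical 'before': the parameter goes into the HTML verbatim."""
    return "<p>Subscription request for %s received.</p>" % params.get("email", "")


def confirm_page_filtered(params):
    """Hypothetical 'after': validate on input, encode on output."""
    email = params.get("email", "")
    # Encode unconditionally so that even the error page cannot carry markup.
    shown = html.escape(email, quote=True)
    if not EMAIL_RE.fullmatch(email):
        return "<p>Not a valid e-mail address: %s</p>" % shown
    return "<p>Subscription request for %s received.</p>" % shown


if __name__ == "__main__":
    params = get_params(POC_URL)
    print("decoded email :", params["email"])
    print("unfiltered    :", confirm_page_unfiltered(params))
    print("filtered      :", confirm_page_filtered(params))
```
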
    


