Rosario Valotta wrote: > Libero.it, one of the most important italian ISP (www.libero.it) is > affected from a XSS vulnerability. > The vulnerability can be found in the "Community" section of Libero > portal, and the affected functionality is "add nick" ( > http://digiland.libero.it/profilo.phtml?nick=). > The implementation of this functionality allows the injection of > malicious code in the URL, so that an attacker can steal username and > password of the victim accessing his cookie. >
Nice find! -- Florian Stinglmayr [EMAIL PROTECTED] _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
