This comes as no surprise. Most Greek stuff is susceptible to a back door style attack. This type of assault has been documented throughout modern history. [1]
J

[1] http://www.urbandictionary.com/define.php?term=Greek+Style

On Sat, 22 Sep 2007 20:46:45 -0400 ascii <[EMAIL PROTECTED]> wrote:
>George Papandreou wrote:
>> There is no wonder why in hell Kostas Karamanlis is still our prime minister!
>>
>> http://www.ekloges.ypes.gr/pages/index.html?http://www.secunia.com
>> http://www.ekloges.ypes.gr/pages/index.html?../lib/../lib/jslib.js
>> http://www.ekloges.ypes.gr/pages/index.html?../lib/default.css
>
>client side stuff, no rfi here.
>
> <script type="text/javascript">
>
> function fillFrame()
> {
>   var a=location.search;
>   a=(a ? a.slice(1) : 'epikratia_map.html');
>   document.getElementById('data_frame').src=a;
> }
>
> </script>
>
>this can be used to execute JS using the javascript: handler so it's a
>security issue
>
>http://www.ekloges.ypes.gr/pages/index.html?javascript:alert(%22helo%22);
>
>have you notified the webmaster?
>
>bye,
>Francesco `ascii` Ongaro
>http://www.ush.it/
>
>_______________________________________________
>Full-Disclosure - We believe in it.
>Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>Hosted and sponsored by Secunia - http://secunia.com/
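Added example, not part of the thread and not the site's code: a hardened form of the quoted `fillFrame()`, which copies `location.search` into the iframe `src` unchecked. It assumes legitimate targets are plain `.html` files in the same directory as `index.html` (as the default `epikratia_map.html` is); `resolveFrameTarget`, `SAFE_NAME`, `checkSamples` and `results.html` are names constructed for the illustration.

```javascript
// Added example: allowlist the frame target instead of trusting the query string.
const DEFAULT_PAGE = 'epikratia_map.html';
// Assumption: valid pages are bare file names ending in .html.
// No ':' (schemes such as javascript: or http:), no '/' or '..' (path escapes).
const SAFE_NAME = /^[A-Za-z0-9_-]+\.html$/;

// Pure function so the decision can be tested without a browser.
function resolveFrameTarget(search, pageHref) {
  const raw = search ? search.slice(1) : '';
  if (!SAFE_NAME.test(raw)) {
    return DEFAULT_PAGE;
  }
  // Defence in depth: resolve the name the way the browser would and
  // confirm it stays on the same origin and in the same directory.
  const base = new URL(pageHref);
  const target = new URL(raw, base);
  const dir = base.pathname.slice(0, base.pathname.lastIndexOf('/') + 1);
  if (target.origin !== base.origin || target.pathname !== dir + raw) {
    return DEFAULT_PAGE;
  }
  return raw;
}

// Drop-in replacement for the page's handler (browser only).
function fillFrame() {
  document.getElementById('data_frame').src =
    resolveFrameTarget(location.search, location.href);
}

// Query strings taken from the thread, plus one constructed benign value.
const PAGE = 'http://www.ekloges.ypes.gr/pages/index.html';
const SAMPLES = [
  '?http://www.secunia.com',
  '?../lib/../lib/jslib.js',
  '?../lib/default.css',
  '?javascript:alert(%22helo%22);',
  '',
  '?results.html', // constructed
];

function checkSamples() {
  return SAMPLES.map((q) => resolveFrameTarget(q, PAGE + q));
}

console.log(checkSamples());
```

Sending `X-Frame-Options` or a `frame-src` Content-Security-Policy directive from the server would complement this check, but the allowlist is what stops the `javascript:` case.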
