On Sun, 8 Aug 2010, MustLive wrote: > Also in all versions of Mozilla and Mozilla Firefox it's possible to use > another variant of Strictly social XSS - with using of -moz-binding (for > Firefox < 3.0 or for Firefox => 3.0 with xml-file on the same site) or with > using of onMouseOver: > > http://site/script.php?param=a:%22%20onMouseOver=%22alert(document.cookie) > > At moving of the cursor on the link here the code will execute in context > of this site. > [...] > > This attack is possible only if redirector (with "302 Found" or "302 Object > moved" answer) outputs double quote in Location header in plain (not in URL > encoding) form.
Would you mind showing us the actual HTTP response generated your script.php, esp. its body? -- Pavel Kankovsky aka Peak / Jeremiah 9:21 \ "For death is come up into our MS Windows(tm)..." \ 21st century edition / _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
