Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
hmmm, fox news shop
Posted by: sjraptor
Date: September 25, 2007 02:00AM

http://shop.ecompanystore.com/foxnews/FOX_ProductList.asp?CATALOG=FOX&ID=76&TYPE=FOX+News+Tuesday%3Cscript%3Ealert('xss')%3C/script%3E

nothing special here... POC. is that it???

-Marcin
http://tssci-security.com



Edited 1 time(s). Last edit at 09/25/2007 02:02AM by sjraptor.

Re: hmmm, fox news shop
Posted by: Anonymous User
Date: September 25, 2007 02:07AM

Try the qt field, insert a single quote, and get sql injection.

I've pentested them a full day once, and you really don't wanna know the holes. They even got coldfusion injection. I did stop and I thought it wasn't worth a blogpost, them fools...

Re: hmmm, fox news shop
Posted by: Spyware
Date: September 25, 2007 04:49AM

Ronald Wrote:
-------------------------------------------------------
> Try the qt field, insert a single quote, and get
> sql injection.

Try anything other than a number, and get sql injection. Don't you just love VBScript :)?

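The two bug classes the thread points at are a reflected XSS through a free-text query parameter and SQL injection through a parameter the application assumed was numeric. The following is an added example of the defender-side handling, not code from the site or from anyone in the thread: the parameter names (ID, qt, TYPE, CATALOG), the log format and all hosts, paths and log lines are constructed assumptions, and the application logic (an allowlist validator, output escaping and a parameterised query) is the usual fix rather than anything the site is known to do.

```python
"""Allowlist validation for query parameters, output escaping for the free-text
one, a parameterised query for the numeric one, and a small access-log scan
that reports requests failing the same validation.  Added example; parameter
names follow the thread, everything else is constructed."""
from __future__ import annotations
import re
from html import escape
from urllib.parse import parse_qs, urlsplit

# Allowlist (assumed): which parameters must be integers and which are labels.
NUMERIC_PARAMS = {"ID", "qt"}
TEXT_PARAMS = {"CATALOG", "TYPE"}
INT_RE = re.compile(r"[0-9]{1,9}")      # bounded, digits only
MARKUP_RE = re.compile(r"[<>\"]")       # never legitimate in a product label


def validate_query(query: str) -> dict:
    """Parse a raw query string, enforce the allowlist and return the cleaned
    values plus a list of (parameter, reason) violations."""
    params = parse_qs(query, keep_blank_values=True)
    clean, violations = {}, []
    for name, values in params.items():
        if len(values) > 1:
            # Repeated parameters are rejected outright rather than merged.
            violations.append((name, "parameter supplied more than once"))
            continue
        value = values[0]
        if name in NUMERIC_PARAMS:
            if INT_RE.fullmatch(value):
                clean[name] = int(value)   # the only way a qt/ID reaches SQL
            else:
                violations.append((name, "expected integer"))
        elif name in TEXT_PARAMS:
            if MARKUP_RE.search(value):
                violations.append((name, "markup characters in free-text parameter"))
            else:
                clean[name] = value        # escaped again at output time
        else:
            violations.append((name, "unexpected parameter"))
    return {"ok": not violations, "clean": clean, "violations": violations}


def render_label(value: str) -> str:
    """HTML-escape a free-text value before echoing it into the page; this,
    not input filtering, is what closes a reflected XSS."""
    return escape(value, quote=True)


def build_product_query(clean: dict) -> tuple[str, tuple]:
    """Parameterised SQL: the validated integer is bound, never concatenated."""
    return (
        "SELECT name, price FROM products WHERE category = ? AND id = ?",
        (clean["CATALOG"], clean["ID"]),
    )


# Constructed CLF-style access log (placeholder IPs and paths, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Sep/2007:02:00:00 +0000] "GET /shop/ProductList.asp?CATALOG=FOX&ID=76&TYPE=Tuesday HTTP/1.1" 200',
    '203.0.113.5 - - [25/Sep/2007:02:00:07 +0000] "GET /shop/ProductList.asp?CATALOG=FOX&ID=76&TYPE=Tuesday%3Cscript%3E HTTP/1.1" 200',
    '198.51.100.9 - - [25/Sep/2007:02:07:00 +0000] "GET /shop/Search.asp?qt=12%27 HTTP/1.1" 500',
    '198.51.100.9 - - [25/Sep/2007:02:07:05 +0000] "GET /shop/Search.asp?qt=abc HTTP/1.1" 500',
]
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "GET (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')


def scan_access_log(lines) -> list[dict]:
    """Run validate_query over each GET in the log and return one finding per
    request that fails it: a cheap detection for probes of these parameters."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        parts = urlsplit(m.group("path"))
        result = validate_query(parts.query)
        if not result["ok"]:
            findings.append({"ip": m.group("ip"), "path": parts.path,
                             "status": int(m.group("status")),
                             "violations": result["violations"]})
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f["ip"], f["path"], f["status"], f["violations"])
```

Running the module prints the three constructed requests that fail validation (the markup in TYPE and the two non-numeric qt values) while the well-formed product lookup passes; the same validate_query function serves both at request time and in the log scan, so what the application rejects and what the detection reports cannot drift apart.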