Paid Advertising is
ha.ckers sla.cking
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Some XSS
Posted by: lobas
Date: December 14, 2006 05:35PM

Secure hushmail is not very secure'VULNERABLE')%3C/script%3E

dont know what this is but its some kind of loop within gmail'XSS')%3E&fs=1
think it also disables account after so often'VULNERABLE')%3C/script%3E'VULNERABLE')%3C/script%3E

Options: ReplyQuote
Re: Some XSS
Posted by: maluc
Date: December 14, 2006 08:19PM

hrm.. the google one just throws me into an infinite redirect loop.. using firefox


Options: ReplyQuote
Re: Some XSS
Posted by: unsticky
Date: December 21, 2006 10:00PM

the google one won't work, its escaped. look at the source

<html><head><meta content="text/html; charset=UTF-8" http-equiv="content-type"></head><script>D=(top.js&&top.js.init)?function(d){top.js.P(window,d)}:function(){};if(window==top){top.location="/mail/?ik\u003d%22%3E%3CBODY%20ONLOAD\u003dalert(\'XSS\')%3E&fs\u003d1";}</script><script><!--

//--></script><script>var loaded=true;D(['e',3,1166759982916]);</script>

Options: ReplyQuote
Re: Some XSS
Posted by: lobas
Date: January 10, 2007 09:40AM

im looking for XSS with google or some kind of bug ill trade some XSS for it :P

Options: ReplyQuote

Sorry, only registered users may post in this forum.