BugTraq
Cross Site Scripting exploitation via malformed files
Feb 21 2005 04:25PM
Jerome ATHIAS (jerome athias free fr)
It was publicly released on different forums (http://cyruxnet.org/foro/viewtopic.php?t=559); multiple webmail systems and websites are vulnerable to Cross Site Scripting via a malformed file.
A basic PoC:
Build a text file (i.e., photo.txt)
<script language="Javascript">
alert('Vulnerable!');...
Copyright 2010, SecurityFocus