BugTraq
Webmails + Internet Explorer can create unwanted javascript execution Oct 02 2003 09:39PM Jedi/Sector One (j pureftpd org) (2 replies) RE: Webmails + Internet Explorer can create unwanted javascript execution Oct 03 2003 05:19PM Drew Copley (dcopley eeye com) |
Privacy Statement |
A Cross Site Scripting in this product allows injection of hostile
HTML/script
into the error page.
Example :
http://www.mouffleton.com/servlet/ContentServer?pagename=<body%20onload=
alert(document.cookie);>
Workaround :
Catch error and display a standard error page without echo of the file name.
Valgasu
http://valgasu.rstack.org
http://www.rstack.org
[ reply ]