BugTraq
Back to list
|
Post reply
Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
Oct 17 2010 12:33PM
an us com
(1 replies)
Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
Oct 19 2010 09:24AM
paul szabo sydney edu au
Dear An,
> Referrer: <script>alert(1)</script>
Yes, but... seems not all echo's get a Referer passed to them.
Cheers, Paul
Paul Szabo psz (at) maths.usyd.edu (dot) au [email concealed] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
> Referrer: <script>alert(1)</script>
Yes, but... seems not all echo's get a Referer passed to them.
Cheers, Paul
Paul Szabo psz (at) maths.usyd.edu (dot) au [email concealed] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
[ reply ]