Daniel Marsh wrote:
> On 6/19/07, Bozo Bad <[EMAIL PROTECTED]> wrote:
>>
>> http://www.cissp.com/store/search.asp?s=%3Cscript%3Ealert(%22Look,mamma,
>> I'm a CISSP!%22)%3C/script%3E
>
> That's a beautiful thing.
>
Irony at its best.
___
Michael Silk wrote:
> "hackcessing"
>
http://www.urbandictionary.com/define.php?term=hackcessing
And I am sure it will spread around...
___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and
Application: Space4k
Web Site: http://www.space4k.[pl|fr|com|de|it]
Bug: XSS (Cross site Scripting)
Discoverer: Florian Stinglmayr
Date: 2007-06-07
--
Description:
Space4K is a massive multiplayer online game game
://digiland.libero.it/profilo.phtml?nick=).
> The implementation of this functionality allows the injection of
> malicious code in the URL, so that an attacker can steal username and
> password of the victim accessing his cookie.
>
Nice
o&o=&db3=LROO
Legend:
q ... The search query.
x ... Must be "r" to perform a search.
v ... Must be "lroo" (other values not tested)
db3... Database to query on. Must be "lroo".
This issue has already been reported t
Here we go:
http://jawe.aon.at/search/aon.sp?query=alert(1);
The issue has been reported to AON before.
Regards,
Florian Stinglmayr