This bug was disclosed a few months before it was found ;-)
On Sun, May 12, 2013 at 10:45 PM, Michal Zalewski wrote:
> Total word count: ~1065
> Words that provide relevant information about the bug: ~95
>
> /mz
Hello,
The result of your PHP code is on 1 line. That's why your payload is parsed
correctly. On my test server, your test.php code returned two lines, and
the browser gives me a JavaScript parse error :) So - if we have the possibility to
create our full javascript payload without syntax problems by multiple
G
Poczta.WP Multiple vulnerabilities full disclosure security paper
Author: Jakub Zoczek [zoczus(x)gmail.com]
0x01 Intro
--
Wirtualna Polska S.A. (WP) is one of the largest Polish web portals.
Their email service (poczta.wp.pl) is affected by multiple cross-site
scripting vulnerabilities