Bugtraq mailing list archives
Hosting.com Cross Site Scripting
From: "E M" <rdnktrk () hotmail com>
Date: Mon, 17 Dec 2001 16:56:22 -0800
Issue -Most Variables passed to the webmail script used by hosting.com (formerly CTSNet) execute script with local server context.
URL : webmail.cts.com Example : http://webmail.cts.com/webmail.cgi?_ID=<SCRIPT>document.write("All%20Your%20Webmail%20is%20Belong%20to%20Us");</SCRIPT> Vendor Status : Contacted 12.13.01 - Only automated reply. Eric McCarty rdnktrk () hotmail com _________________________________________________________________MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
Current thread:
- Hosting.com Cross Site Scripting E M (Dec 17)