Bugtraq mailing list archives

Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo

From: paul.szabo () sydney edu au
Date: Tue, 19 Oct 2010 20:24:23 +1100

Dear An,

Referrer: <script>alert(1)</script>


Yes, but... seems not all echo's get a Referer passed to them.

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Current thread:

Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo an (Oct 18)
- Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 19)
- <Possible follow-ups>
- Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo paul . szabo (Oct 19)