Full Disclosure mailing list archives
Permanent XSS on the nuit du hack webmail service
From: klondike <klondike () xiscosoft es>
Date: Sat, 24 Mar 2012 05:27:20 +0100
So I was bored with the nuit du hack prequals and decided to test a bit
the e-mail service.
The guys have a cool XSS injection on the fake webmail service which can
be exploited with a properly crafted subject (i.e.
<script>alert('Hello!');</script> ). I thought the guys behind nuit du
hack were a bit more serious than this...
klondike
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Permanent XSS on the nuit du hack webmail service klondike (Mar 23)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF klondike (Mar 23)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF Damien Cauquil (Mar 26)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF majinboo (Mar 26)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF klondike (Mar 27)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF Damien Cauquil (Mar 26)
- Re: Oracle based personal data dumping attack on the nuit du hack CTF klondike (Mar 23)