Vulnerability Development mailing list archives
New way for Cross Site Scripting on Microsoft IIS4
From: "Admin [iSecureLabs]" <admin () ISECURELABS COM>
Date: Thu, 29 Mar 2001 16:15:51 +0200
Hi all, I think have found a new way to exploit the vulnerability "Cross site scripting" on a IIS4 Microsoft. http://xxx.xxx.xxx.xxx/foo/<script>alert('foo')</script>.stm This crafted url will execute the JavaScript on your computer. --- Cabezon Aurélien aurelien.cabezon () iSecureLabs com http://www.iSecureLabs.com French Security Labs -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> mQGiBDqs8ZwRBADF5UJGVtWLd3N9fBVp75NVsPTMTOmhFM2TPppshk+Ac5bahKeB +os8P2ZFK8mz75Fjmw0UAiU3T0YZgkO8+vs0v1b8oNNElDzZfAY6gpTU4ej/ypjU EUl7lrWvtG0JOvnCj1jPQ2uyl4lGi8DgAPcN39FYcEuw47uu354gHwFCVQCg/77E btva+M92DmSra/SYCO4aXFsD/jA2MaU5Tt/2jONG9RdGfIpzWUgYlZ3akLPbI12z l4r1oyyajU0z9+NtBOT8x04k3W0HllOf0502uV8R73eAAw4z0KgxYYTdialgBLGM znIjkvmxneWRklvOczbD0umRnYMXQ5TOy6rMb3japozx64kjPzRwLuWftEO50bzh eAPFA/0d7TYm26z48lDrdo/M2Y7CFy4YASsubmLG2vB+tfXJfEWSwKTobVT7g8qS CzdEcDeVoEx5C+HLsCz496byyYDrgNL2juhZqGGylU03npxx0tXdTOwYA27W2yWl pOKZhCppShKxt5UHN+cPSjKa9mXl1ejxFe2GysC7joRxOXuKi7QoQ2FiZXpvbiBB dXLpbGllbiA8YWRtaW5AaVNlY3VyZUxhYnMuY29tPokATgQQEQIADgUCOqzxnAQL AwIBAhkBAAoJEFMMIwyKnaYtezIAoKfbCzmAadlQZuAxfJ3EJek8tlJNAKDY4gAX 8a7cZ1TOOZJ0+tSGVMmnbbkDDQQ6rPGdEAwAzB13VyQ4SuLE8OiOE2eXTpITYfbb 6yUOF/32mPfIfHmwch04dfv2wXPEgxEmK0Ngw+Po1gr9oSgmC66prrNlD6IAUwGg fNaroxIe+g8qzh90hE/K8xfzpEDp19J3tkItAjbBJstoXp18mAkKjX4t7eRdefXU kk+bGI78KqdLfDL2Qle3CH8IF3KiutapQvMF6PlTETlPtvFuuUs4INoBp1ajFOmP QFXz0AfGy0OplK33TGSGSfgMg71l6RfUodNQ+PVZX9x2Uk89PY3bzpnhV5JZzf24 rnRPxfx2vIPFRzBhznzJZv8V+bv9kV7HAarTW56NoKVyOtQa8L9GAFgr5fSI/VhO SdvNILSd5JEHNmszbDgNRR0PfIizHHxbLY7288kjwEPwpVsYjY67VYy4XTjTNP18 F1dDox0YbN4zISy1Kv884bEpQBgRjXyEpwpy1obEAxnIByl6ypUM2Zafq9AKUJsC RtMIPWakXUGfnHy9iUsiGSa6q6Jew1XpTDJvAAICC/0fQ7qKf2e8ep9/RJG5cdw9 Gw3X4d4ImdcBxz+yqjK0h2DI/Fv/s2ImmWJn53oU4cyGdSYamt9EuhxJIZrF7T7x HyRzkLE3E/xVN9TmdiAM9vV6DrChDiOuXKREb/iE1OjCu1MeJbGL5TUc4Y5MR0TV T6i8wTw/O71/pgZlUawC6+xlYG4Z5Jm/CSOP8l3ZDGY/Z2hqKHKStyPJlIaNVqsG FfCb2tAys/3mNGFPxg1WjEkpUlABMLQkraanAvIjxcLJhPa61pvcdGIwvZESeCOY yDh13GEgI1PgOnMiwPgGHdkwjU3X84N4mZUos/UNvJkOBcpg0CnyOIIJw5UBYanE rV79HSCaeGloET9p4QBHHHo0zl15jLZvqB0LJ4DXWa0luUfk7ZC/pbtvOkfvU94t 7hOKfuH73v2KKFlY6/hDpuenVV90gr49cn6gY/h58bsCzncrdTAOHodgJHTPBUf0 egmxKXkWMkuBSqB12xXTlfGDp1KA73se3N+lD1dC2GSJAEYEGBECAAYFAjqs8Z0A CgkQUwwjDIqdpi0QQACfciCfSOpuietinqvrKaTH4J8ME+QAoPQ+sUKTZJJJjJkD KKN+t9mt/tFH =nmnm -----END PGP PUBLIC KEY BLOCK-----
Current thread:
- New way for Cross Site Scripting on Microsoft IIS4 Admin [iSecureLabs] (Mar 29)