Vulnerability Development mailing list archives
XSS in lycos htmlgear guestbook
From: Pistone <jorgep () spdps com ar>
Date: Mon, 15 Jul 2002 14:32:24 -0300
URL: Htmlgear.lycos.com

If a malicious user can get the guestbook user to follow a simple link, then they can grab that user's htmlgear cookies and possibly use them to authenticate as that user.

WORKING EXAMPLE

http://htmlgear.lycos.com/guest/control.guest?u=usuario3&i=1&a=view<scripta lert(document.cookie)</script

The support of Lycos receives a copy of the problem.

Salu"
Pistone
-----------------
www.gauchohack.com.ar
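The class of bug reported above, reflection of the `a` query parameter into the page, shown next to a hardened handler. This is an added example, not part of the original post and not Lycos code: the handler functions, the allow-list of actions, the cookie name and the probe string are all assumptions constructed for illustration.

```python
import html
from http.cookies import SimpleCookie
from urllib.parse import parse_qs

# Hypothetical allow-list of legitimate values for the "a" (action) parameter.
ALLOWED_ACTIONS = {"view", "sign"}

# Constructed query string modelled on the report: a harmless alert probe
# appended to the "a" parameter.
PROBE_QUERY = "u=usuario3&i=1&a=view<script>alert(document.cookie)</script>"


def render_unsafe(query: str) -> str:
    """Assumed 'before' behaviour: the action value is echoed unescaped."""
    action = parse_qs(query).get("a", [""])[0]
    return f"<p>Unknown action: {action}</p>"


def render_hardened(query: str) -> tuple[int, str]:
    """Validate the action against the allow-list and HTML-encode any echo."""
    action = parse_qs(query).get("a", [""])[0]
    safe = html.escape(action, quote=True)  # < > & " ' become entities
    if action not in ALLOWED_ACTIONS:
        return 400, f"<p>Unknown action: {safe}</p>"
    return 200, f"<p>Action: {safe}</p>"


def session_cookie_header(token: str) -> str:
    """Build a Set-Cookie value that page script cannot read (HttpOnly)."""
    cookie = SimpleCookie()
    cookie["session"] = token  # hypothetical cookie name
    cookie["session"]["httponly"] = True   # hidden from document.cookie
    cookie["session"]["secure"] = True     # only sent over HTTPS
    cookie["session"]["samesite"] = "Lax"  # limits cross-site sends
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


if __name__ == "__main__":
    print(render_unsafe(PROBE_QUERY))
    print(render_hardened(PROBE_QUERY))
    print(session_cookie_header("abc123"))
```

Output encoding closes the reflection itself; the `HttpOnly` flag is a second layer that keeps the session cookie out of `document.cookie` if some other reflection point is missed.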