
List:       full-disclosure
Subject:    Re: [Full-disclosure] Input not sanitized in Emerson network power
From:       Benji <me () b3nji ! com>
Date:       2011-01-31 15:34:12
Message-ID: AANLkTinrUu9rNVYZ8446C1HtO-vX=_ALA0mKSnjTu0cG () mail ! gmail ! com



xssed.com

On Mon, Jan 31, 2011 at 3:04 PM, Madhur Ahuja <ahuja.madhur@gmail.com> wrote:

> Found this search box last month which is not sanitizing any input :
> 
> 
> http://www.emersonnetworkpower.com/en-US/SearchCenter/Pages/AllResults.aspx?k=%3Cscript%3Ealert(document.cookie)%3C/script%3E&s=Network%20Power%20Content_en-US_en-US
> Have contacted the owner but there isn't any response. Maybe the
> vulnerability isn't serious enough to exploit ...
> 
> --
> Madhur
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
> 
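As an added example (not part of this thread), the defect Madhur reports, a search term reflected unescaped into the results page, beside the hardened form that HTML-encodes it on output, plus a defender-side check for raw reflection. The rendering functions are hypothetical stand-ins for the real search page; only the URL is taken from the report.

```python
import html
from urllib.parse import urlparse, parse_qs

# The URL from the report above; only its query string is used here.
REPORTED_URL = (
    "http://www.emersonnetworkpower.com/en-US/SearchCenter/Pages/AllResults.aspx"
    "?k=%3Cscript%3Ealert(document.cookie)%3C/script%3E"
    "&s=Network%20Power%20Content_en-US_en-US"
)


def search_term(url: str) -> str:
    """Return the percent-decoded 'k' parameter, as the server sees it."""
    return parse_qs(urlparse(url).query).get("k", [""])[0]


def render_results_unsafe(term: str) -> str:
    """Hypothetical stand-in for the reported behaviour: the term is
    concatenated into the page markup exactly as received."""
    return f"<h2>Results for: {term}</h2>"


def render_results_safe(term: str) -> str:
    """Hardened form: HTML-encode untrusted text before it lands in
    element content, so '<' and '>' are rendered, not parsed."""
    return f"<h2>Results for: {html.escape(term, quote=True)}</h2>"


def reflects_raw_markup(term: str, page: str) -> bool:
    """Defender-side check: the term contains markup characters and
    appears in the page byte-for-byte, i.e. without encoding."""
    if not any(c in term for c in "<>\"'"):
        return False
    return term in page


if __name__ == "__main__":
    term = search_term(REPORTED_URL)
    for render in (render_results_unsafe, render_results_safe):
        page = render(term)
        print(render.__name__, "reflects raw markup:", reflects_raw_markup(term, page))
```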





