List: full-disclosure
Subject: Re: [Full-disclosure] Input not sanitized in Emerson network power
From: Benji <me () b3nji ! com>
Date: 2011-01-31 15:34:12
Message-ID: AANLkTinrUu9rNVYZ8446C1HtO-vX=_ALA0mKSnjTu0cG () mail ! gmail ! com
xssed.com
On Mon, Jan 31, 2011 at 3:04 PM, Madhur Ahuja <ahuja.madhur@gmail.com> wrote:
> Found this search box last month which is not sanitizing any input :
>
>
> http://www.emersonnetworkpower.com/en-US/SearchCenter/Pages/AllResults.aspx?k=%3Cscript%3Ealert(document.cookie)%3C/script%3E&s=Network%20Power%20Content_en-US_en-US
> Have contacted the owner but there isn't any response. Maybe the
> vulnerability isn't serious enough to exploit ....
>
> --
> Madhur
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
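An added example, not code from this thread or from the vendor's site: it parses the URL Madhur quoted, contrasts raw reflection of the `k` search parameter with an HTML-escaped rendering, and runs a constructed access-log check that flags search terms carrying markup. The template strings and log lines are assumptions made for the example.

```python
# Added example: reflected-XSS handling for a search page that echoes the
# `k` query parameter. Not the vendor's code; templates and logs are assumed.
from html import escape
from urllib.parse import urlsplit, parse_qs

# URL quoted in the report above (the results page reflects `k` into HTML).
REPORTED_URL = ("http://www.emersonnetworkpower.com/en-US/SearchCenter/Pages/"
                "AllResults.aspx?k=%3Cscript%3Ealert(document.cookie)%3C/script%3E"
                "&s=Network%20Power%20Content_en-US_en-US")

def search_term(url: str) -> str:
    """Return the percent-decoded value of the `k` query parameter."""
    return parse_qs(urlsplit(url).query).get("k", [""])[0]

def render_unescaped(term: str) -> str:
    """Hypothetical vulnerable template: the decoded term is interpolated as-is."""
    return f"<p>Results for: {term}</p>"

def render_escaped(term: str) -> str:
    """Hardened template: HTML-encode the term at output time (escapes < > & \" ')."""
    return f"<p>Results for: {escape(term, quote=True)}</p>"

def contains_markup(value: str) -> bool:
    """True when a decoded value contains characters that can open a tag or attribute."""
    return any(c in value for c in "<>\"'")

def flag_suspicious_requests(log_lines):
    """Return request paths from combined-format log lines whose `k` value carries markup."""
    flagged = []
    for line in log_lines:
        try:
            path = line.split('"')[1].split(" ")[1]   # "GET /path?query HTTP/1.1"
        except IndexError:
            continue   # malformed line; skip rather than crash
        if contains_markup(search_term("http://placeholder" + path)):
            flagged.append(path)
    return flagged

# Constructed access-log lines (not real traffic) used to exercise the check.
LOG_LINES = [
    '203.0.113.5 - - [31/Jan/2011:15:04:00 +0000] "GET /en-US/SearchCenter/Pages/AllResults.aspx?k=ups%20battery HTTP/1.1" 200 5120',
    '203.0.113.7 - - [31/Jan/2011:15:05:10 +0000] "GET /en-US/SearchCenter/Pages/AllResults.aspx?k=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 5130',
    'garbage line without a request field',
]

if __name__ == "__main__":
    term = search_term(REPORTED_URL)
    print("raw:     ", render_unescaped(term))
    print("escaped: ", render_escaped(term))
    print("flagged: ", flag_suspicious_requests(LOG_LINES))
```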