Sunday, October 08, 2006

XSS bug

Found an interesting type of XSS on this site: construct an HTML header and do the dirty work.

Exposed the header, this is indeed fairly funky:

    Content-Length: 0
    Cache-Control: max-age=300
    Expires: Mon, 09 Oct 2006 06:15:35 GMT
    Connection: close
    Content-Type: text/plain; charset=ISO-8859-1

similar ones...

Another one on

And discovered an XSS on a metasearch engine while I was at class
click here to see demo

even one on a government website,
