Wednesday, November 01, 2006

Another XSS

My brother showed me this site, an interesting site that allows a customized logo, and I love this idea.
Very Google-like and cool, right!

But then I tried a couple of XSS attempts on the lo param with no luck. I guess it has been filtered with a regular expression; seems secure, hmm! But hey, what the heck, it works on the search box with a simple alert call.
I don't see the point of filtering the 1st param and leaving the others unprotected: is it to accept the whole phrase for a more accurate search result, or did they just happen to forget to do so? Recall "if you spend more time on coffee, you will be hacked, and you deserved"
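The gap described above, as an added example that is not the site's code or part of the original post: a regression check that reports which reflected parameters come back as live markup, run against a page that filters only `lo` and against one that HTML-escapes every value at output. The parameter name `q` for the search box, the blacklist pattern and the template are assumptions made for illustration.

```python
import html
import re

# Constructed probe: harmless markup used to see whether a value is reflected unescaped.
PROBE = "<script>alert(1)</script>"

# Hypothetical blacklist of the kind the post guesses is applied to `lo`.
BLACKLIST = re.compile(r"[<>\"']|script", re.IGNORECASE)

# Constructed template standing in for the page that echoes both values.
TEMPLATE = "<h1>{lo}</h1><p>Results for: {q}</p>"


def render_inconsistent(params):
    """Filters only `lo`; `q` (assumed name for the search box) is echoed raw."""
    lo = BLACKLIST.sub("", params.get("lo", ""))
    q = params.get("q", "")
    return TEMPLATE.format(lo=lo, q=q)


def render_encoded(params):
    """Escapes every reflected value at output time, so the full phrase is kept."""
    safe = {k: html.escape(params.get(k, ""), quote=True) for k in ("lo", "q")}
    return TEMPLATE.format(**safe)


def unescaped_params(render, names):
    """Return the parameters whose probe value comes back as live markup."""
    leaky = []
    for name in names:
        params = {n: "x" for n in names}
        params[name] = PROBE
        if PROBE in render(params):
            leaky.append(name)
    return leaky


if __name__ == "__main__":
    for fn in (render_inconsistent, render_encoded):
        print(fn.__name__, "->", unescaped_params(fn, ["lo", "q"]))
```

Output encoding keeps the whole search phrase intact for matching, so accuracy of results is not a reason to leave a parameter unescaped.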
