
| Subject: | echalk vuln |
|---|---|
| Date: | 23 Nov 2004 04:50:44 -0000 |

echalk is a service that makes advanced websites for schools. A lot of them have online classes, student email systems and homework checks. My school uses echalk and I found this vuln on their site. In echalk's search form it blocks out most HTML and JavaScript, but if you use `<script><img src=javascript:somejavacommand /></script>` it actually shows an image icon that contains JavaScript. This vuln can be used to submit any JavaScript command you want to the site. This can be fixed by not allowing any < characters in the search forum.

-hypnosses
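
The fix proposed in the message above (refusing any `<`) set beside encoding the search term when it is written back into the page, as an added example that is not part of the original post and not echalk's code. `renderSearchResults`, the page markup and the ordinary query are assumptions made for illustration.

```javascript
// Added example: render the search term with output encoding instead of
// filtering input. renderSearchResults and the page markup are hypothetical.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode every character that can change the HTML parsing context.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// The fix suggested in the post: refuse any query containing "<".
function rejectsAngleBracket(query) {
  return query.includes("<");
}

// Hypothetical results page: the term is echoed in a text node and in the
// value attribute of the search box, so both contexts need encoding.
function renderSearchResults(query) {
  const safe = escapeHtml(query);
  return (
    `<form><input name="q" value="${safe}"></form>\n` +
    `<p>Results for: ${safe}</p>`
  );
}

// Constructed inputs: the string quoted in the post and an ordinary query.
const reported = "<script><img src=javascript:somejavacommand /></script>";
const ordinary = 'grades < 70 in "Algebra I"';

function demo() {
  return {
    reportedRejected: rejectsAngleBracket(reported),
    ordinaryRejected: rejectsAngleBracket(ordinary),
    reportedHtml: renderSearchResults(reported),
    ordinaryHtml: renderSearchResults(ordinary),
  };
}

console.log(demo());
```

Refusing `<` stops the reported string but also turns away the ordinary query, while encoding on output accepts both and displays them as plain text.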