Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv

from [Steven M. Christey] Network Security [Permanent Link]
Subject: Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv
Date: Fri, 26 May 2006 01:18:32 -0400 (EDT) 

Webmaster at destiney said:


I pasted the following example XSS code into both form fields, and saw
no evidence of XSS vulnerabilities:

<DIV STYLE="background-image: url(javascript:alert('XSS'))">



According to the XSS cheat sheet at http://ha.ckers.org/xss.html,
STYLE attributes in DIV tags are only effective in the Internet
Explorer rendering engine (they worked fine for me in IE but not
mozilla).

Were you using IE when you checked these results?

- Steve
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [Full-disclosure] Re: [apwg] Graph analysis of stolen credit cards, glennhall
Next by Date:  V-Webmail 1.6.4 Remote File Include, beford
Previous by Thread:  Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv, webmaster
Next by Thread:  Destiney Links Script v2.1.2, luny
Indexes:  [Date] [Thread] [Top] [All Lists]