Информационная безопасность
[RU] switch to English


Дополнительная информация

  Межсайтовый скриптинг в сообщениях об ошибках прокси

  W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)

  CERN Proxy Server: Cross-Site Scripting Vulnerability

  Squid doesn't quote urls in error messages.

From:3APA3A <3APA3A_(at)_security.nnov.ru>
Date:27 октября 2000 г.
Subject:Re: Squid doesn't quote urls in error messages.

Hello Lincoln Yeoh,

27.10.00 13:47, you wrote: Squid doesn't quote urls in error messages.;

L> I  noticed  that  Squid  2.3.STABLE4  doesn't  quote  urls in error
L> messages.

<skip>

L> I haven't really tried it myself, and so I can't confirm if it really works
L> (that's why it's in VULN-DEV ;) ).


I can confirm it really works. Then I open

http://123.microsoft.com/<script>alert(this.document.
cookie)</script>

I can see my cookie from MS site :)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород