[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo

Dear An,

> Referrer: <script>alert(1)</script>

Yes, but... seems not all echo's get a Referer passed to them.

Cheers, Paul

Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia