On Wed, 19 Jul 2006 06:12:49 PDT, saied hackeriran said:

> Critical Level : Dangerous

Only if you've installed whatever package index.cfm is from.

> This matter happens in index.cfm when

What package is this from?

> We want to run some specific Functions
> Such as action,event,.... and hacker
> Can start attacks such as XSS attack by
> Using simple script or HTML code.
> Exploit:
> Http://www.Site.com/path/index.cfm?action=<script>
> Http://www.Site.com/path/index.cfm?event=<script>
> Http://www.Site.com/path/index.cfm?fuseaction=<script>

*yawn*. For bonus points, do you have a way to get these links to be followed that isn't self-inflicted? These things are *so* much more fun if you can get some lamer to follow the link rather than you typing it in yourself on the address bar....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/