[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] XSS @ DHL

To: Full-Disclosure <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] XSS @ DHL
From: "Static Rez" <staticrez@xxxxxxxxx>
Date: Mon, 24 Dec 2007 16:48:17 -0500

I know these XSS vulns are kind of easy to find and they usually come off as
"so easy a monkey could do it", but i thought i'd throw this one out
there...

http://track.dhl-usa.com//atrknav.asp?shipmentNumber=
<script>alert('test')</script>

sincerely,
a monkey.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] Buffer-overflow and format string in VideoLAN VLC 0.8.6d
Next by Date: [Full-disclosure] Webwasher SSL scanner
Previous by thread: [Full-disclosure] Buffer-overflow and format string in VideoLAN VLC 0.8.6d
Next by thread: [Full-disclosure] Webwasher SSL scanner
Index(es):
- Date
- Thread