[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Godaddy´s workspace <= 5.3 XSS

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Godaddy´s workspace <= 5.3 XSS
From: "Carlos" <chollmann@xxxxxxxxxxxxxxxx>
Date: Sat, 11 Dec 2010 08:58:03 -0700

<html><body><span style="font-family:Verdana; color:#000000; 
font-size:10pt;"><div>Godaddy´s Workspace 5.3 
&nbsp;XSS</div><div>Explanation:</div><div><span style="">The javascript for 
special caracter filtering provided in <a 
href="http://email13.secureserver.net";>email13.secureserver.net</a> can be use 
to create a XSS attack, if we edit the 
content of an email and &nbsp;put &lt;iframe 
src="javascript:alert("XSS");"&gt;&lt;/iframe&gt; this will be filtered 
and scramble, making the XSS impossible, BUT, if we write &lt;iframe 
src="javascript:alert(&amp;quot;XSS&amp;quot;);"&gt;&lt;/iframe&gt; we 
will bypass the XSS filter.</span></div><div>by 
Elvenking</div></span></body></html>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] FreeAmp 2.0.7 .m3u Buffer Overflow
Next by Date: Re: [Full-disclosure] Flaw in Microsoft Domain Account Caching Allows Local Workstation Admins to Temporarily Escalate Privileges and Login as Cached Domain Admin Accounts (2010-M$-002)
Previous by thread: [Full-disclosure] FreeAmp 2.0.7 .m3u Buffer Overflow
Next by thread: Re: [Full-disclosure] Security Incident Response Testing To Meet Audit
Index(es):
- Date
- Thread