by r0t, der4444, cembo, VietMafia

Thursday, December 22, 2005

download.com XSS vuln.

download.com has a flaw that allows a remote cross-site scripting attack. The flaw exists because input passed to the "tg" and "path" parameters isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

http://www.download.com/3120-20_4-0.html?tag=srch&qt=r0t&tg=[XSS]

http://music.download.com/1300-1_32-142.html?tag=mhd_su&path=[XSS]
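
One way to close this class of flaw on the server side, as an added example that is not part of the original advisory and not download.com's code: the "tg" value is HTML-encoded at the point where it is written into the page, and "path" is checked against an allow-list. The host site.example, the input-field template, the function names and the assumed shape of "path" are all assumptions.

```javascript
// Added example (Node.js, no dependencies). Templates and names are hypothetical.

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Read one query parameter; a missing parameter becomes the empty string.
function getParam(rawUrl, name) {
  const value = new URL(rawUrl).searchParams.get(name);
  return value === null ? '' : value;
}

// Before: the decoded parameter is concatenated into markup unchanged,
// which is the behaviour the advisory describes.
function renderUnsafe(rawUrl) {
  return '<input type="text" name="tg" value="' + getParam(rawUrl, 'tg') + '">';
}

// After: same reflection, with output encoding applied where the value is used.
function renderSafe(rawUrl) {
  return '<input type="text" name="tg" value="' + escapeHtml(getParam(rawUrl, 'tg')) + '">';
}

// Stricter option when a parameter has a known shape (assumed here for "path"):
// accept only an allow-listed character set and length, otherwise reject.
function validatePath(rawUrl) {
  const path = getParam(rawUrl, 'path');
  return /^[A-Za-z0-9_\/-]{0,64}$/.test(path) ? path : null;
}

// Constructed input: a harmless markup marker in "tg" on a placeholder host.
const sampleUrl = 'http://site.example/page.html?tag=srch&qt=r0t&tg=' +
  encodeURIComponent('"><b>marker</b>');

console.log('unsafe:', renderUnsafe(sampleUrl)); // marker breaks out of the attribute
console.log('safe:  ', renderSafe(sampleUrl));   // marker stays inert text
console.log('path:  ', validatePath('http://site.example/p.html?path=%3Cb%3E')); // rejected
```

Encoding belongs at output, chosen for the context the value lands in; the attribute-value encoding shown here is not sufficient for values placed inside script blocks or URLs.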

Copyright (c) 2006 Pridels Sec Crew