by r0t, der4444, cembo, VietMafia

Wednesday, December 07, 2005 SHOP XSS

As far as I know, T-Online belongs to Deutsche Telekom, the main ISP in Germany, and it is also a big company where good specialists work.

Anyway, the "searchHandle" parameter isn't properly sanitised before being returned to the user.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
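
The reflection described above, as an added example that is not part of the original post or the shop's code: a hypothetical search page that echoes `searchHandle` into HTML, first unencoded and then with output encoding. The page template, the function names and the sample value are assumptions; only the parameter name comes from the post.

```javascript
// Added illustration; template and function names are hypothetical.
// Only the parameter name "searchHandle" comes from the post.

// Encode the five characters that can change HTML structure.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// "Before": the parameter is returned to the user unmodified.
function renderUnsafe(query) {
  const handle = new URLSearchParams(query).get('searchHandle') ?? '';
  return `<input name="searchHandle" value="${handle}"><p>Results for ${handle}</p>`;
}

// "After": the same page with output encoding at the point of use.
function renderSafe(query) {
  const handle = escapeHtml(new URLSearchParams(query).get('searchHandle') ?? '');
  return `<input name="searchHandle" value="${handle}"><p>Results for ${handle}</p>`;
}

// Count element start tags in the output. The template itself has two
// (<input> and <p>); anything beyond that came from the parameter.
function countTags(html) {
  return (html.match(/<[a-zA-Z]/g) || []).length;
}

// Constructed sample: harmless markup that breaks out of the value attribute.
const sample = 'searchHandle=' + encodeURIComponent('"><b>marker</b>');

console.log('unencoded:', countTags(renderUnsafe(sample)), 'start tags');
console.log('encoded:  ', countTags(renderSafe(sample)), 'start tags');
```

A regression test for a fix can use the same check: the number of elements in the response must not change with the value of the parameter.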

live example:



Copyright (c) 2006 Pridels Sec Crew