]> git.mjollnir.org Git - s9y.git/commit
projects / s9y.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b2d4811) | patch
Now this is one funny XSS discovered by Rasmus:
authorgarvinhicking <garvinhicking>
Thu, 12 May 2005 18:19:28 +0000 (18:19 +0000)
committergarvinhicking <garvinhicking>
Thu, 12 May 2005 18:19:28 +0000 (18:19 +0000)
commitbbf0c8de24ad8210142fbfa81d6039034287c07b
tree9e96cae72d1c9215d3eabc2e9010ac79addf7423tree | snapshot
parentb2d48116e9fa5e5d1813373e4302f9087f730deccommit | diff
Now this is one funny XSS discovered by Rasmus:

You could send HTTP Cookie HTML which does not get htmlspecialchar()ed and then exploit the page for yourself only, and no other viewers.

Rare case of a XSS and low-impact, but still not nice when advanced form redirection takes place and you want to XSS exploit a single user :-)

Please test, if anybody is reading this :-D
include/functions_comments.inc.php diff | blob | history
import of upstream's svn repo, along with my own branches