[24151] in bugtraq


CSS -> ign.com

daemon@ATHENA.MIT.EDU (Knud Erik Højgaar)
Wed Feb 6 19:51:43 2002

Date: Tue, 5 Feb 2002 11:42:37 +0100
Message-ID: <6096F6426539904EB650ED340F28450B18A8F6@Helium.cc.CyberCity.dk>
From: Knud Erik Højgaard <knud@cybercity.dk>
To: <bugtraq@securityfocus.com>

To add to the late plethora of CSS bugs, ign.com has some too. 

'Vendor' contacted about a week ago at various mail addresses, no reply.

Visiting http://mediaviewer.ign.com/mediaPage.jsp?object_id=15984&media_type=P&ign_section=17&adtag=network%3Dign%26site%3Dps2viewer%26adchannel%3Dps2%26pagetype%3Darticle&page_title=knud+fighter+4

will show you some screenshots from 'knud fighter 4' (really virtua fighter 4 shots).. the &page_title=blabla doesn't filter <tags> so it's possible to steal cookies and whatnot.. I haven't tried in the members section, since I can't really access it without an account, but I assume it uses the same files since ps2.ign.com/pc.ign.com/pocket.ign.com all utilize mediaviewer.ign.com/mediaPage.jsp for their media (p)reviews.

Random thought: is Bugtraq really the correct place for CSS bugs? Many vulnerable scripts are 'homemade' .. so it's not like there's much value in reporting 'site x has css bug in blah.php' ..

-Knud
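
The unfiltered `page_title` reflection described in the post, beside an output-encoded version, as an added example that is not part of the original message or ign.com's code. The host name, the harmless `<i>` test value and all function names are assumptions made for illustration.

```python
from html import escape
from urllib.parse import urlsplit, parse_qs

# Constructed request in the shape of the URL quoted in the post; the host and
# the harmless <i> tag in page_title are sample values, not captured traffic.
SAMPLE_URL = ("http://mediaviewer.example/mediaPage.jsp?object_id=15984"
              "&media_type=P&page_title=%3Ci%3Eknud%3C%2Fi%3E+fighter+4")


def page_title(url):
    """Return the decoded page_title parameter ('+' decodes to a space)."""
    values = parse_qs(urlsplit(url).query).get("page_title", [""])
    return values[0]


def render_unfiltered(title):
    """Behaviour described in the post: the value is copied into the page as-is."""
    return "<title>%s</title><h1>%s</h1>" % (title, title)


def render_encoded(title):
    """Hardened form: HTML-encode at output so any markup arrives as text."""
    safe = escape(title, quote=True)
    return "<title>%s</title><h1>%s</h1>" % (safe, safe)


def reflects_markup(url, render):
    """Regression check: does the page echo HTML metacharacters unencoded?"""
    title = page_title(url)
    has_meta = any(c in title for c in "<>\"'&")
    return has_meta and title in render(title)


if __name__ == "__main__":
    for render in (render_unfiltered, render_encoded):
        print(render.__name__, reflects_markup(SAMPLE_URL, render))
```
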
