[25200] in bugtraq


Cross site scripting @verisign.com and @cybercash.com

daemon@ATHENA.MIT.EDU (KF)
Sat Apr 20 16:44:09 2002

Message-ID: <3CC047F8.4060602@snosoft.com>
Date: Fri, 19 Apr 2002 12:38:16 -0400
From: KF <dotslash@snosoft.com>
MIME-Version: 1.0
To: websitesupport@verisign.com, support@verisign.com, recon@snosoft.com,
        vuln-dev@security-focus.com, bugtraq@security-focus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit

http://www.cybercash.com/<script>alert('hi')</script>

or 

http://www.verisign.com/ <http://www.cybercash.com/><script>alert('hi')</script>

Not sure how big a deal this is... but seeing as how the name verisign 
is associated with "Security" I think it should be looked at. This 
didn't work from my Mozilla browser on linux but it did from IE on 
win2k... could be a browser detection method causing the varied results.
-KF
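
Added example, not part of the original post and not code from either site: the message does not show the server side, so this sketch assumes an error page that echoes the requested path into its HTML body, and shows that pattern beside an output-encoded version. All function names and the page template are hypothetical, and the sample paths are constructed (raw and percent-encoded forms of the string in the post, plus a malformed escape).

```javascript
// Added illustration; names and template are assumptions, not the sites' code.

// Escape the five characters that are significant in HTML text and attributes.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Decode a request path for display; keep the raw string if an escape is malformed.
function decodeForDisplay(rawPath) {
  try {
    return decodeURIComponent(rawPath);
  } catch (err) {
    return rawPath;
  }
}

// Vulnerable pattern: the decoded path is concatenated into markup unchanged.
function renderNotFoundUnsafe(rawPath) {
  return '<html><body><h1>Not Found</h1><p>The requested URL ' +
    decodeForDisplay(rawPath) + ' was not found.</p></body></html>';
}

// Hardened pattern: decode first, then HTML-encode at the point of output.
function renderNotFound(rawPath) {
  return '<html><body><h1>Not Found</h1><p>The requested URL ' +
    escapeHtml(decodeForDisplay(rawPath)) + ' was not found.</p></body></html>';
}

// Constructed sample request paths.
const samplePaths = [
  "/<script>alert('hi')</script>",         // sent unencoded
  "/%3Cscript%3Ealert('hi')%3C/script%3E", // same string, percent-encoded
  "/100%-broken"                           // malformed escape, must not crash
];

// Check used by the demo: does a live <script> tag survive in the page?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

function demo() {
  return samplePaths.map((p) => ({
    path: p,
    unsafe: containsScriptTag(renderNotFoundUnsafe(p)),
    hardened: containsScriptTag(renderNotFound(p))
  }));
}

console.log(demo());
```

Encoding after decoding matters here: a handler that escapes the raw path and decodes afterwards would reintroduce the tag for the percent-encoded request.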


