[25221] in bugtraq

Cross Site Scripting. Many Sites Vulnerable.

daemon@ATHENA.MIT.EDU (InterWN Labs)
Tue Apr 23 01:32:47 2002

Date: 21 Apr 2002 04:07:05 -0000
Message-ID: <20020421040705.17145.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: InterWN Labs <interwn@interwn.nl>
To: bugtraq@securityfocus.com



Hello all.

I think it's been made very clear that cross site
scripting is a problem to most of us that read
bugtraq, but it seems that many high profile
companies, even tech ones, have forgotten
that it can be a serious issue.

I have posted a .txt file on my website that simply 
shows many example links to vulnerable sites
that allow JavaScript execution.

A small list of the sites:

Midway, Corel, NYTimes.com,
AOL, Real Networks, Cisco, IBM,
Oracle, Akamai, FedEx, FoxNews,
Lycos.com (angelfire and tripod),
Geocities, Netcraft, and Sourceforge.

www.whitehouse.gov and www.nipc.gov
are included in the list.

A brief paper will be written soon outlining CSS 
vulns and how to spot and fix them. Hope this is 
useful.

The list can be found at:
www.interwn.nl/release/cssvulns.txt

philer
www.interwn.nl

