[27592] in bugtraq
XSS vulnerability in Mojo Mail Sign-Up Form
daemon@ATHENA.MIT.EDU (Daniel Boland)
Thu Oct 24 19:00:54 2002
Date: 24 Oct 2002 12:57:02 -0000
Message-ID: <20021024125702.30647.qmail@mail.securityfocus.com>
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
From: Daniel Boland <Electrophreak@blueyonder.co.uk>
To: bugtraq@securityfocus.com
Heya, this is my first post here so go easy on me plz. I posted about this
on the Mojo Bug Tracker ages ago and it's just been ignored, and besides,
I'm losing faith in reporting to the vendor; PHP Arena took the credit for
an XSS bug I found in their paFileDB. But anyway, Mojo Mail doesn't filter
sign-up requests, here's an example on Mojo's site:
http://mojo.skazat.com/cgi-bin/mojo/mojo.cgi?flavor=subscribe&email=%3Cscript%3Ealert%28%22XSS%20Vuln.%22%29%3C%2Fscript%3E&list=skazat_design_newsletter&submit=Submit
I don't know if I'm supposed to say more but it's just XSS, I think that's
it?
~ElectroPhreak
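
Added example, not part of the original post and not Mojo Mail's own code: a sketch of how a sign-up handler can validate the `email` parameter and HTML-escape it on output, run against the query string from the report. The handler functions, the page markup and the email pattern are assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Query string taken from the URL in the post above.
REPORTED_QUERY = (
    "flavor=subscribe"
    "&email=%3Cscript%3Ealert%28%22XSS%20Vuln.%22%29%3C%2Fscript%3E"
    "&list=skazat_design_newsletter&submit=Submit"
)

# Deliberately strict allowlist for a subscription address (assumption: a
# plain local@domain.tld shape is sufficient for a sign-up form).
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def get_email(query):
    """Return the URL-decoded 'email' parameter, or '' if absent."""
    return parse_qs(query).get("email", [""])[0]


def render_unfiltered(query):
    """Hypothetical handler with no filtering: the value is echoed as-is."""
    return f"<p>Subscription request received for {get_email(query)}</p>"


def render_hardened(query):
    """Validate the address and HTML-escape it on output in every branch."""
    email = get_email(query)
    safe = html.escape(email, quote=True)  # encode < > & " ' before echoing
    if not EMAIL_RE.fullmatch(email):
        return 400, f"<p>Not a valid email address: {safe}</p>"
    return 200, f"<p>Subscription request received for {safe}</p>"


if __name__ == "__main__":
    print(render_unfiltered(REPORTED_QUERY))
    print(render_hardened(REPORTED_QUERY))
    print(render_hardened("email=user%40example.com&list=demo"))
```

Validation alone is not the fix: the rejected value is still echoed in the error branch, so the escaping on output is what keeps the markup inert.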