February 6th, 2002, 10:16 PM
Question about CSS vuln
In discussing a cross site scripting vulnerability with a friend of mine, he raised a point to me that I couldn't answer...I thought maybe someone here could enlighten me...
I hear the Crawling Chaos that calls beyond the stars
February 6th, 2002, 11:24 PM
February 7th, 2002, 09:00 PM
I'd test it out. But instead of trying to send the user information out through another method I would try to use the users own post to get the information. You could possibly grab the cookie information and when the post button is click append that cookie information to the end of the users post inside an html comment. Then all you have to do is view the source of the users next post and see if the cookie information is there. If this is possibly you should notify the person who runs the board....they need to be parsing that crap out.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X