[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv
From: "Steven M. Christey" <coley@xxxxxxxxx>
Date: Fri, 26 May 2006 01:18:32 -0400 (EDT)

Webmaster at destiney said:

> I pasted the following example XSS code into both form fields, and saw
> no evidence of XSS vulnerabilities:
>
> <DIV STYLE="background-image: url(javascript:alert('XSS'))">


According to the XSS cheat sheet at http://ha.ckers.org/xss.html,
STYLE attributes in DIV tags are only effective in the Internet
Explorer rendering engine (they worked fine for me in IE but not
mozilla).

Were you using IE when you checked these results?

- Steve

Prev by Date: [SECURITY] [DSA 1077-1] New lynx-ssl packages fix denial of service
Next by Date: V-Webmail 1.6.4 Remote File Include
Previous by thread: Re: Destiney Rated Images Script v0.5.0 - XSS Vulnv
Next by thread: Destiney Links Script v2.1.2
Index(es):
- Date
- Thread