Xanga sitemessage.aspx user Variable XSS

2005-01-01T04:06:22
ID OSVDB:12797
Type osvdb
Reporter OSVDB
Modified 2005-01-01T04:06:22

Description

Manual Testing Notes

http://[victim]/sitemessage.aspx?user=%3Cimg%20src=%22http://[attacker]/images/gnaa.png%22%3E

References:

Vendor URL: http://www.xanga.com/
Security Tracker: 1012751
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-12/0751.html