Georges1er / owaspbwa

Automatically exported from code.google.com/p/owaspbwa
0 stars 0 forks source link

Reflected XSS in http://owaspbwa/vicnum/ #4

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
There is a reflected XSS issue in the OWASP Vicnum application
http://ip/vicnum/.  On that page, when you enter a name
of "Name<script>alert(123)</script> and press "Play", the script will run
on the next page (http://ip/vicnum/cgi-bin/vicnum1.pl).

Original issue reported on code.google.com by chuck.f....@gmail.com on 25 Oct 2009 at 12:54

GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
[deleted comment]
GoogleCodeExporter commented 8 years ago
There is a reflected XSS issue in the OWASP Vicnum application
http://owaspbwa/vicnum/  On that page, when you enter a name
of "Name<script>alert(123)</script>" and press "Play", the script will run
on the next page (http://owaspbwa/vicnum/cgi-bin/vicnum1.pl.

Example URL:
http://owaspbwa/vicnum/cgi-bin/vicnum1.pl?player=foo<script>alert(1)</script>

Original comment by chuck.f....@gmail.com on 10 Nov 2009 at 3:26

GoogleCodeExporter commented 8 years ago

Original comment by chuck.f....@gmail.com on 20 Jan 2010 at 4:25

GoogleCodeExporter commented 8 years ago

Original comment by chuck.f....@gmail.com on 20 Jan 2010 at 4:28