chuckfw / owaspbwa

OWASP Broken Web Applications Project

Reflected XSS in http://owaspbwa/vicnum/ #4

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
There is a reflected XSS issue in the OWASP Vicnum application
http://ip/vicnum/.  On that page, when you enter a name
of "Name<script>alert(123)</script>" and press "Play", the script will run
on the next page (http://ip/vicnum/cgi-bin/vicnum1.pl).

Original issue reported on code.google.com by chuck.f....@gmail.com on 25 Oct 2009 at 12:54

GoogleCodeExporter commented 8 years ago
[deleted comment]

GoogleCodeExporter commented 8 years ago
[deleted comment]

GoogleCodeExporter commented 8 years ago
There is a reflected XSS issue in the OWASP Vicnum application
http://owaspbwa/vicnum/. On that page, when you enter a name
of "Name<script>alert(123)</script>" and press "Play", the script will run
on the next page (http://owaspbwa/vicnum/cgi-bin/vicnum1.pl).

Example URL:
http://owaspbwa/vicnum/cgi-bin/vicnum1.pl?player=foo<script>alert(1)</script>

Original comment by chuck.f....@gmail.com on 10 Nov 2009 at 3:26
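
A regression check for the reflection reported above, as an added example that is not part of the original issue or of the Vicnum code. `render_unsafe` and `render_escaped` are constructed stand-ins for the page that greets the player (the real `vicnum1.pl` source is not shown in this issue); the check flags any response that echoes the `player` value without HTML encoding.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Constructed stand-ins for the greeting page; the real vicnum1.pl
# source is not shown in this issue, so the markup is an assumption.
def render_unsafe(player: str) -> str:
    """Reflects the parameter verbatim (the behaviour the issue reports)."""
    return f"<html><body><h1>Welcome {player}</h1></body></html>"

def render_escaped(player: str) -> str:
    """Same page with the value HTML-encoded at output time."""
    safe = html.escape(player, quote=True)
    return f"<html><body><h1>Welcome {safe}</h1></body></html>"

def player_from_url(url: str) -> str:
    """Extract the decoded 'player' query parameter from a request URL."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("player", [""])[0]

def reflected_unencoded(body: str, value: str) -> bool:
    """True if a value with HTML metacharacters appears verbatim in the body."""
    has_meta = any(c in value for c in "<>\"'&")
    return has_meta and value in body

def check(url: str, render) -> bool:
    """Regression check: True means the handler did not reflect raw markup."""
    value = player_from_url(url)
    return not reflected_unencoded(render(value), value)

# Example URL quoted in the issue.
ISSUE_URL = ("http://owaspbwa/vicnum/cgi-bin/vicnum1.pl"
             "?player=foo<script>alert(1)</script>")

if __name__ == "__main__":
    for name, fn in (("unsafe", render_unsafe), ("escaped", render_escaped)):
        verdict = "PASS" if check(ISSUE_URL, fn) else "FAIL: raw reflection"
        print(f"{name}: {verdict}")
```
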

GoogleCodeExporter commented 8 years ago

Original comment by chuck.f....@gmail.com on 20 Jan 2010 at 4:25

GoogleCodeExporter commented 8 years ago

Original comment by chuck.f....@gmail.com on 20 Jan 2010 at 4:28