|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 48
Members: 0
Total: 48
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Galleries XSS |
|
Posted: Sun Aug 28, 2005 4:25 pm |
|
|
oxygenne |
Advanced user |
|
|
Joined: Apr 13, 2005 |
Posts: 52 |
|
|
|
|
|
|
|
Take your favorite picture, and save it in .jpg. Use the EXIF editor of
your choice and edit the Camera Model Tag. Replace the current value by
" <script>alert(document.cookie)</script> ".
Then upload the jpeg file to your favorite Online Gallery and click on
the picture ... XSS.
Credit :
Cedric Cochin, Network Security Expert
Web Site: http://cedri.cc
< cedric.cochin [-at-] gmail .DoT. com >
I could not reproduce this |
|
|
|
|
www.waraxe.us Forum Index -> Cross-site scripting aka XSS
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|