Re: [gopher] XSS in Gopher in Fx 3.6.11

To: Gopher Project Discussion <gopher-project@lists.alioth.debian.org>
Subject: Re: [gopher] XSS in Gopher in Fx 3.6.11
From: Brian Koontz <brian@pongonova.net>
Date: Wed, 20 Oct 2010 19:57:01 -0500
Message-id: <[🔎] 20101021005701.GA29357@pongonova.net>
Reply-to: Gopher Project Discussion <gopher-project@lists.alioth.debian.org>
In-reply-to: <[🔎] 201010210152.o9L1qOSC016414@floodgap.com>
References: <[🔎] 87eibkcqha.fsf@ist.utl.pt> <[🔎] 201010210152.o9L1qOSC016414@floodgap.com>

On Wed, Oct 20, 2010 at 06:52:24PM -0700, Cameron Kaiser wrote:
> This will reliably exploit the bug:
> 
> 	gopher://gopher.floodgap.com/0/test/expl/bad
> 
> (it's just an alert()). It still works on Camino 2.0.5 because that is built
> on 3.0.next, which is still vulnerable and was not fixed by this patch.

This is all I got:

http://www.floodgap.com";><script>alert('boo')</script> ha ha ha

  --Brian

_______________________________________________
Gopher-Project mailing list
Gopher-Project@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/gopher-project

Reply to:

Follow-Ups:
- Re: [gopher] XSS in Gopher in Fx 3.6.11
  - From: Cameron Kaiser <spectre@floodgap.com>

References:
- Re: [gopher] XSS in Gopher in Fx 3.6.11
  - From: nunojsilva@ist.utl.pt (Nuno J. Silva)
- Re: [gopher] XSS in Gopher in Fx 3.6.11
  - From: Cameron Kaiser <spectre@floodgap.com>

Prev by Date: Re: [gopher] XSS in Gopher in Fx 3.6.11
Next by Date: Re: [gopher] XSS in Gopher in Fx 3.6.11
Previous by thread: Re: [gopher] XSS in Gopher in Fx 3.6.11
Next by thread: Re: [gopher] XSS in Gopher in Fx 3.6.11
Index(es):
- Date
- Thread