Re: [gopher] XSS in Gopher in Fx 3.6.11
On Wed, Oct 20, 2010 at 06:52:24PM -0700, Cameron Kaiser wrote:
> This will reliably exploit the bug:
>
> gopher://gopher.floodgap.com/0/test/expl/bad
>
> (it's just an alert()). It still works on Camino 2.0.5 because that is built
> on 3.0.next, which is still vulnerable and was not fixed by this patch.
This is all I got:
http://www.floodgap.com"><script>alert('boo')</script> ha ha ha
--Brian
_______________________________________________
Gopher-Project mailing list
Gopher-Project@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/gopher-project
Reply to: