Re: [gopher] XSS in Gopher in Fx 3.6.11

To: gopher-project@lists.alioth.debian.org
Subject: Re: [gopher] XSS in Gopher in Fx 3.6.11
From: Cameron Kaiser <spectre@floodgap.com>
Date: Wed, 20 Oct 2010 19:52:56 -0700 (PDT)
Message-id: <[🔎] 201010210252.o9L2qufq018374@floodgap.com>
Reply-to: Gopher Project Discussion <gopher-project@lists.alioth.debian.org>
In-reply-to: <[🔎] 20101021005701.GA29357@pongonova.net> from Brian Koontz at "Oct 20, 10 07:57:01 pm"

> > This will reliably exploit the bug:
> > 
> > 	gopher://gopher.floodgap.com/0/test/expl/bad
> > 
> > (it's just an alert()). It still works on Camino 2.0.5 because that is built
> > on 3.0.next, which is still vulnerable and was not fixed by this patch.
> 
> This is all I got:
> 
> http://www.floodgap.com";><script>alert('boo')</script> ha ha ha

What browser was this? (That's all you *should* get, but on Camino and Fx
I get an alert "boo".)

-- 
------------------------------------ personal: http://www.cameronkaiser.com/ --
  Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckaiser@floodgap.com
-- Communism doesn't work because people like to own stuff. -- Frank Zappa ----

_______________________________________________
Gopher-Project mailing list
Gopher-Project@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/gopher-project

Reply to:

Follow-Ups:
- Re: [gopher] XSS in Gopher in Fx 3.6.11
  - From: Brian Koontz <brian@pongonova.net>

References:
- Re: [gopher] XSS in Gopher in Fx 3.6.11
  - From: Brian Koontz <brian@pongonova.net>

Prev by Date: Re: [gopher] XSS in Gopher in Fx 3.6.11
Next by Date: Re: [gopher] XSS in Gopher in Fx 3.6.11
Previous by thread: Re: [gopher] XSS in Gopher in Fx 3.6.11
Next by thread: Re: [gopher] XSS in Gopher in Fx 3.6.11
Index(es):
- Date
- Thread