[IMC-NYC-Editorial] Security Vulnerability in NYC IMC web site
Dave McKinney
dm at securityfocus.com
Mon Oct 18 15:03:30 PDT 2004
Hi, this cross-site scripting vulnerability was posted to Bugtraq.
It appears to be in an application that is used on your site.
----- Forwarded message from Brett <brett at rightwingextremist.net> -----
From: Brett <brett at rightwingextremist.net>
Subject: dadaIMC XSS Exploit
To: bugtraq at securityfocus.com
Date: 17 Oct 2004 19:02:35 -0000
X-Mailer: MIME-tools 5.411 (Entity 5.404)
Message-ID: <20041017190235.25517.qmail at www.securityfocus.com>
dadaIMC has an xss exploit in the author field. So just throw some xss in the author field.
Example: <script>alert("hi")</script>
-
try it on http://nyc.indymedia.org
-
Founded by: elac
http://rightwingextremist.net
----- End forwarded message -----
--
Dave McKinney
Symantec
keyID: BF919DD7
key fingerprint = 494D 6B7D 4611 7A7A 5DBB 3B29 4D89 3A70 BF91 9DD7
More information about the imc-nyc-editorial
mailing list