[gopher] XSS in Gopher in Fx 3.6.11
Brian Koontz
brian at pongonova.net
Thu Oct 21 00:57:01 UTC 2010
On Wed, Oct 20, 2010 at 06:52:24PM -0700, Cameron Kaiser wrote:
> This will reliably exploit the bug:
>
> gopher://gopher.floodgap.com/0/test/expl/bad
>
> (it's just an alert()). It still works on Camino 2.0.5 because that is built
> on 3.0.next, which is still vulnerable and was not fixed by this patch.
This is all I got:
http://www.floodgap.com"><script>alert('boo')</script> ha ha ha
--Brian
More information about the Gopher-Project
mailing list