[gopher] XSS in Gopher in Fx 3.6.11
Cameron Kaiser
spectre at floodgap.com
Thu Oct 21 02:52:56 UTC 2010
> > This will reliably exploit the bug:
> >
> > gopher://gopher.floodgap.com/0/test/expl/bad
> >
> > (it's just an alert()). It still works on Camino 2.0.5 because that is built
> > on 3.0.next, which is still vulnerable and was not fixed by this patch.
>
> This is all I got:
>
> http://www.floodgap.com"><script>alert('boo')</script> ha ha ha
What browser was this? (That's all you *should* get, but on Camino and Fx
I get an alert "boo".)
--
------------------------------------ personal: http://www.cameronkaiser.com/ --
Cameron Kaiser * Floodgap Systems * www.floodgap.com * ckaiser at floodgap.com
-- Communism doesn't work because people like to own stuff. -- Frank Zappa ----
More information about the Gopher-Project
mailing list