[Yapcom] Cross-site-scripting (XSS) Bug in Yapcom
Shlomi Fish
shlomif at iglu.org.il
Wed Dec 29 12:18:46 IST 2004
On Monday 15 November 2004 15:02, Shlomi Fish wrote:
> It seems that when displaying the bios of the registered users, Yapcom
> does not encode special HTML characters. Thus if you register with the
> following bio:
>
> <<<
> hello <a href="javascript:alert('hi')">you</a>
>
>
> You'll get a nice javascript code in the page. It could be much worse.
>
Hi! I reported this problem a long time ago, and did not receive any reply or
acknowledgement. This is a serious problem that renders Yapcom-based sites
dangerous for visitors. What is being done to solve it?
Regards,
Shlomi Fish
---------------------------------------------------------------------
Shlomi Fish shlomif at iglu.org.il
Homepage: http://www.shlomifish.org/
Knuth is not God! It took him two days to build the Roman Empire.
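
The missing output encoding described in the report, as an added example (not part of the original message and not Yapcom's code): a Python sketch that renders the quoted bio with and without HTML encoding, then parses the result to check whether any element from the bio reached the page. The function names and the `div` wrapper are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed sample: the bio quoted in the report above.
REPORTED_BIO = """hello <a href="javascript:alert('hi')">you</a>"""


def render_bio_unsafe(bio):
    # Behaviour the report describes: the bio is pasted into the page as-is.
    return '<div class="bio">' + bio + "</div>"


def render_bio_safe(bio):
    # Encode & < > " ' so the bio is shown as text and never parsed as markup.
    return '<div class="bio">' + html.escape(bio, quote=True) + "</div>"


class _Collector(HTMLParser):
    """Records every start tag and every run of text in a fragment."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)


def _parse(rendered):
    parser = _Collector()
    parser.feed(rendered)
    parser.close()
    return parser


def injected_elements(rendered):
    # The first tag is the template's own wrapper; anything after it came
    # from the user-supplied bio and should never be present.
    return _parse(rendered).tags[1:]


def visible_text(rendered):
    # What a visitor would read once the browser has decoded the entities.
    return "".join(_parse(rendered).text)
```

`injected_elements` can serve as a regression check in a test suite: it must return an empty list for every user-controlled field the application renders.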