darkreading.com published on 6th of April an article which describes 'meta-information XSS' (see 'Researcher Details New Class of Cross-Site Scripting Attack', available at http://darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml?articleID=224201569").
The original article included a classic XSS test case, namely <script>alert(1)</script>. As a result of an existing XSS vulnerability in the darkreading.com web site, the XSS test case above turned out to be inadvertently a successful one, as shown below:
Following a brief notice I sent today to Timothy Wilson (editor at darkreading.com), he confirmed the issue, also mentioning that it is now fixed.
The HTML code from the original post (including the cited XSS test case):
a DNS TXT record that contains the value "<script>alert(1)</script>" and a service
The HTML code for current version of the article:
a DNS TXT record that contains [a certain value] and a service
With the same article being reproduced by a significant number of online publications, it could be interesting to see how many other are also affected.
Posts
chenlina20150613
ReplyDeletelouis vuitton
cheap jerseys
abercrombie kids
retro jordans
coach outlet
christian louboutin shoes
hollister kids
www.louisvuitton.com
jordan 8 playoffs
oakley sunglasses wholesale
kate spade outlet
discount christian louboutin
concord 11
coach outlet store online
coach outlet store online
jordan 11 snakeskin
michael kors outlet online
oakley eyeglasses
louis vuitton
oakley sunglasses
michael kors outlet
adidas outlet
ray ban outlet
toms wedges
kobe 9
michael kors handbags
michael kors handbags
true religion
adidas running shoes
michael kors watches
air jordan retro
air max shoes
lululemon
cheap nfl jerseys
cheap jerseys
burberry scarf
beats by dr dre
toms shoes
louis vuitton
michael kors outlet
as
joe's new balance
ReplyDeletecoach bags
coach purses outlet
coach sale
north face jacket clearance
columbia
michael kors.com
coach factory outlet online
nfl jerseys cheap authentic free shipping
coach purses on sale
vans shoes
coach purse
coach purses
coach store
clarks shoes for women
jimmy choo outlet
cheap salomon shoes
christian louboutin outlet
gucci outlet
coach outlet
oakley sunglasses wholesale
converse
fitflops clearance
north face
abercrombie and fitch coupons
celine bags
adidas superstar
michael kors sale
oakley store
new balance sale
new balance
nike free
nike outlet store online
fitflops clearance
columbia sportswear outlet
jordan shoes
michael kors wallets
coach outlet store
20160618yxj
This comment has been removed by the author.
ReplyDeleteréparation fuite chasse d'eau meaux
ReplyDeletehttp://serrurierfichet.paris/serrurier-viry-chatillon/
ReplyDeletered bottoms shoes
ReplyDeletelouboutin outlet
Adidas NMD R1
Adidas NMD
Adidas NMD For Sale
Adidas NMD XR1
NMD Human Race
NMD City Sock
Adidas Basketball Shoes
NMD Runner
yeezy boost 350
yeezy boost 750
adidas yeezy
yeezy shoes
fitflops
fitflops sale
fitflops sandals
fitflop shoes
fitflop sale
fitflop sandals
fitflops on sale
Si vous avez des litiges ou des questions d’ordre juridique, n’hésitez pas à demander les services des conseillers juridiques
ReplyDeleteconseil juridique en ligne
sos avocat
ReplyDeletewww.monconseillerjuridiqueenligne.com/sos-avocat/
Nous vous offrons des serrures toutes enseignes ou réparations de rideaux de fer, et ouverture de portes fortes en pays de porte ensuite effraction blindage de porte pour jugement d'un accès de clés facile ou de sécurité par le serrurier Athis Mons.
ReplyDelete