Saturday, November 6, 2010

Black Hat Schedule XSS again


Black Hat Schedule website vulnerable to cross-site scripting






Poc:

http://blackhat2010.sched.org/venue/Break/XSS

http://sched.blackhat.com/venue/IFRAME

http://sched.blackhat.com/venue/Opening%20Ceremonies/XSS










the old bug seems to be fixed but you can still see the mirror on xssed.com

No comments: