Forgive me in advance for an extremely bad joke, if you can even call it that, but I just can't help it.
Here's how to get an XSS fortune cookie:
1) Ask the mighty Google oracle who might be able to tell you your fortune.
http://www.google.com/search?hl=en&q=tell+my+fortune&btnG=Search&lr=lang_en
2) Select one of the sponsored links; in this case I chose SpiritualExperts.com.
3) Pick a variable. I settled on banid.
4) Ask it if it has a cookie for you.
http://www.spiritualexperts.com/psychic_reading/psychic_reading.asp?banid=%22%3E%3CSCRIPT%3Ealert%28document%2Ecookie%29%3C%2FSCRIPT%3E
Voilà... an XSS fortune cookie. Sorry. Really, I am.
The webmaster has been advised...play nice.
Screenshot for after they fix the issue.
4 comments:
Hopefully your day job will keep you employed long enough that you won't need to fall back on stand-up comedy.
For sure you're working too hard at your day job to have to resort to this! :) Funny stuff man!
Kevin
Impacta LLC
Dude... you need a vacation.