public inbox for insight@sourceware.org
* Sourceware Security Vulnerability
From: Paul Yibelo @ 2014-09-09 11:16 UTC
  To: insight

Hey,

My name is Paul. I believe I discovered a very nice XSS in your
website sourceware.org. I couldn't find any other place to submit it, so
I just mailed you here. You should have a bug submit page. :)

Here is the payload:

https://www.sourceware.org/cgi-bin/cvsweb.cgi/libc/login/programs%0A%0A<script>alert(0);</script>%0A%0A/pt_chown.c?rev=1.12&content-type=text/html&cvsroot=glibc&only_with_tag=MAIN

Your error page doesn't sanitize input. Hoping to hear from you :D

Thanks,
Paul
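
Added example, not part of the original message and not cvsweb's own code: a minimal Python model of an error page that reflects the requested path, beside a version that HTML-encodes it first. The error template, the function names and the handling of the `/cgi-bin/cvsweb.cgi` prefix are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, unquote

# Path and query of the URL quoted in the report above.
REPORTED_URI = (
    "/cgi-bin/cvsweb.cgi/libc/login/programs%0A%0A<script>alert(0);</script>"
    "%0A%0A/pt_chown.c?rev=1.12&content-type=text/html&cvsroot=glibc"
    "&only_with_tag=MAIN"
)
SCRIPT_PREFIX = "/cgi-bin/cvsweb.cgi"  # CGI mount point as seen in that URL

# Constructed error template (assumption; the real page's wording is not shown).
TEMPLATE = "<html><body><h1>Error</h1><p>{}: no such file or directory</p></body></html>"


def requested_path(uri: str) -> str:
    """Percent-decode the path and drop the script prefix, as PATH_INFO would be."""
    path = unquote(urlsplit(uri).path)
    return path[len(SCRIPT_PREFIX):] if path.startswith(SCRIPT_PREFIX) else path


def error_page_unsafe(path: str) -> str:
    """Models the reported behaviour: the decoded path is copied into HTML as-is."""
    return TEMPLATE.format(path)


def error_page_escaped(path: str) -> str:
    """Hardened form: encode the path for an HTML text context before output."""
    return TEMPLATE.format(html.escape(path, quote=True))


def reflects_markup(render, path: str) -> bool:
    """Regression check: does any '<' or '>' from `path` reach the page unencoded?"""
    baseline, page = render(""), render(path)
    return (page.count("<") > baseline.count("<")
            or page.count(">") > baseline.count(">"))


if __name__ == "__main__":
    p = requested_path(REPORTED_URI)
    print("unsafe reflects markup: ", reflects_markup(error_page_unsafe, p))
    print("escaped reflects markup:", reflects_markup(error_page_escaped, p))
    print(error_page_escaped(p))
```

The `reflects_markup` check can be kept as a regression test for any handler that echoes request data into an error page.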
