On 16/03/13 12:40, Steven Chamberlain wrote:
> and the generated HTML contains:
>
> <IMG id="zoom" BORDER="0" width="697" height="315"
> SRC="/smokeping/images/__navcache/136343653521739_now" oops
> "_1363423440.png">
>
> Fortunately though, it doesn't seem possible to use an equals sign in
> these parameters, and so I don't see a way to perform XSS.

I forgot to mention something obvious, that angle brackets < > are
filtered out here, otherwise XSS would have been easy. Braces { } are
also filtered.

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org
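
The attribute breakout quoted in this message, as an added example that is not part of the original thread or of SmokePing's code: it compares character filtering with attribute-context escaping and uses an HTML parser to check whether the IMG tag gained attributes. The filter is modelled as plain removal of the characters named above, and all function names are hypothetical.

```python
import html
from html.parser import HTMLParser

# Characters the message reports as filtered or unusable: < > { } and =.
# Assumption: modelled as plain removal; the real filter is not shown in the thread.
BLOCKED = str.maketrans("", "", "<>{}=")
EXPECTED = ["id", "border", "width", "height", "src"]
TEMPLATE = ('<IMG id="zoom" BORDER="0" width="697" height="315" '
            'SRC="/smokeping/images/__navcache/136343653521739_{}_1363423440.png">')

def render_filtered(value):
    """'Before': strip blocked characters, interpolate the rest unescaped."""
    return TEMPLATE.format(value.translate(BLOCKED))

def render_escaped(value):
    """'After': encode for a double-quoted attribute; no character list needed."""
    return TEMPLATE.format(html.escape(value, quote=True))

class ImgAttrs(HTMLParser):
    """Collects the (name, value) pairs of the first IMG start tag."""
    def __init__(self):
        super().__init__()
        self.attrs = None

    def handle_starttag(self, tag, attrs):
        if tag == "img" and self.attrs is None:
            self.attrs = attrs

def img_attrs(markup):
    parser = ImgAttrs()
    parser.feed(markup)
    parser.close()
    return parser.attrs or []

def stays_in_attribute(markup):
    """True when the tag carries exactly the attributes the template defines."""
    return [name for name, _ in img_attrs(markup)] == EXPECTED

SAMPLE = 'now" oops "'  # constructed input matching the HTML quoted in the thread

if __name__ == "__main__":
    for render in (render_filtered, render_escaped):
        out = render(SAMPLE)
        print(render.__name__, stays_in_attribute(out), out)
```

A check like `stays_in_attribute` works as a regression test for the template: it fails on any input that changes the tag's attribute list, regardless of which characters the filter happens to cover.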