Hosting.com Cross Site Scripting

"E M" <rdnktrk@hotmail.com> · Mon, 17 Dec 2001 16:56:22 -0800

Issue -

Most Variables passed to the webmail script used by hosting.com (formerly 
CTSNet) execute script with local server context.

URL  : webmail.cts.com

Example :

http://webmail.cts.com/webmail.cgi?_ID=<SCRIPT>document.write("All%20Your%20Webmail%20is%20Belong%20to%20Us");</SCRIPT>

Vendor Status : Contacted 12.13.01 - Only automated reply.

Eric McCarty
rdnktrk@hotmail.com

_________________________________________________________________
MSN Photos is the easiest way to share and print your photos: 
http://photos.msn.com/support/worldwide.aspx