Mojo Mail Signup Form XSS

Subject: XSS vulnerability in Mojo Mail Sign-Up Form



Heya, this is my first post here so go easy on me plz. I posted about this
on the Mojo Bug Tracker ages ago and it's just been ignored, and besides,
I'm losing faith in reporting to the vendor; PHP Arena took the credit for
an XSS bug I found in their paFileDB. But anyway, Mojo Mail doesn't filter
sign-up requests; here's an example on Mojo's site:



http://mojo.skazat.com/cgi-bin/mojo/mojo.cgi?flavor=subscribe&email=%3Cscript%3Ealert%28%22XSS%20Vuln.%22%29%3C%2Fscript%3E&list=skazat_design_newsletter&submit=Submit



I don't know if I'm supposed to say more but it's just XSS, I think that's
it?

~ElectroPhreak
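
An added illustration, not part of the original post and not Mojo Mail's own code: a Python sketch that decodes the `email` parameter from the URL quoted above and contrasts echoing it unfiltered with validating it on input and HTML-encoding it on output. The function names, the confirmation markup and the address pattern are assumptions made for the example.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# URL quoted in the post above (the reporter's own proof of concept).
REPORTED_URL = (
    "http://mojo.skazat.com/cgi-bin/mojo/mojo.cgi?flavor=subscribe&email=%"
    "3Cscript%3Ealert%28%22XSS%20Vuln.%22%29%3C%2Fscript%"
    "3E&list=skazat_design_newsletter&submit=Submit"
)

# Deliberately strict allow-list for addresses; an assumption for this sketch,
# not a full RFC 5322 parser.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")


def email_param(url):
    """Return the percent-decoded 'email' query parameter, as a CGI script sees it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("email", [""])[0]


def confirm_unfiltered(email):
    """The behaviour the post reports: the value is placed in the page as-is."""
    return "<p>Subscription request for " + email + "</p>"


def confirm_hardened(email):
    """Validate on input, and HTML-encode on output even on the error path."""
    safe = html.escape(email, quote=True)
    if not EMAIL_RE.fullmatch(email):
        return "<p>Invalid e-mail address: " + safe + "</p>"
    return "<p>Subscription request for " + safe + "</p>"


if __name__ == "__main__":
    value = email_param(REPORTED_URL)
    print(confirm_unfiltered(value))   # markup from the request reaches the page
    print(confirm_hardened(value))     # rejected, and echoed only as inert text
    print(confirm_hardened("reader@example.org"))
```

Encoding at output matters even when validation rejects the value, because the error page is itself a place where the submitted string is echoed back.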
