Projects

+ acr
+ activewall
+ wistumbler2
+ mksend
+ rss2html
+ youterm
+ 0xFFFF
+ radare
+ gdvb
+ pvc
+ mesure
+ screws
exploits

Rss2

 : 20070821

Hosts

www.nopcode.org
radare.nopcode.org
cvs.nopcode.org
news.nopcode.org
blogs.nopcode.org
git.nopcode.org
pvc.nopcode.org

Blogs

+ brainstorm
+ pancake
+ pof
+ wzzx
>> 0day advisory: reverse-xss plain attack at pans and company
(security) ( Net Flanders @ Tue, 20 Ago 2007 11:59:59 +0200 )


Today I have discovered a 0day at pans and company that allows you to make a reverse-xss plain attack on the bill.

A second bug it is not a 0day, but stands to make you think if the food is cheaper if you don't want a "BUEN PROVECHO".

Take a look:



NOTE: Serial IDs, hour, place and personal information has been altered for privacy. So don't don't take them seriously.



Yup..i'm also thinking about how to exploit this reverse-xss input. hahah



Dev-lists

wistumbler2
radare

Categories

( news(6)
( projects(2)
( releases(10)
( security(1)
( servers(4)

Posts

( 0day advisory: reverse-xss plain attack at pans and company
( pandas at defcon15
( org.nopcode.rest
( New web style
( mesure 0.7.2 released
( rss2html 0.8.2 released!
( acr 0.5.2 released
( debian repository for nopcode software
( youterm project has been made public
( nopcode mirror at bytezero
( gdvb 0.5 released
( acr 0.5 released
( gdvb 0.4 released
( rss2html 0.8 released!
( gdvb 0.3 released
automatically generated by doblog 0.3