Explore the community Forums Social Lounge HTML, javascript alert security issue Reply To: HTML, javascript alert security issue

#409836 Score: 0
Profile photo of Toni Brown
Toni Brown
Member
beginner
intermediate
curious george
wise owl
friend finder
@tbrown1635

let me try this again.

 

jmptopg=javascript%3Aalert%2822%

 

<body><div style=”visibility: hidden; display: none; position: absolute; overflow:

hidden;”><iframe id=”ifr_ javascript:alert(22) ” name=”ifr_javascript:alert(22)” scrolling=”no”

src=”javascript:alert(22)” style=”width: 100%; height: 100%; border: 0px; overflow: hidden;

visibility: hidden; left: 0px; top: 0px;”></iframe></div>

<div id=”pgBkAudio” class=”pgBkAudio” style=”visibility: hidden

 

Parameter: jmptopg

Risk(s): It may be possible to steal or manipulate customer session and cookies, which might be used to impersonate a legitimate

user, allowing the hacker to view or alter user records, and to