ISC^2/CISSP websites vulnerable to XSS

June 14, 2007

ISC^2 continues its string of nominations to the Wall O' Irony with these latest gems. Both and had cross-site scripting vulnerabilities posted to F-D.

[Full-disclosure] CISSP

From: Bozo Bad (bozobad[at]
Date: Mon Jun 18 2007 - 12:37:25 CDT,mamma, 
a CISSP!%22)%3C/script%3E  

[Full-disclosure] Todays Lesson - XSS
From: Concerned CISSP (certifiedcissp[at]
Date: Thu Jun 14 2007 - 01:35:34 CDT

Today's lesson, boys and girls, is on Cross Site Scripting....
"An XSS attack relies on a website displaying text without checking 
whether it contains special characters. The client browser interprets 
the special characters as script instructions, and executes the 
An example of an XSS attack:"><script>alert(document.cookie);</script>&print=cpe
Now that you've seen XSS... you can add one CPE to your CISSP record!
Skinny Mongoose - CISSP
shoutz to - $nip3r, P0p3, mkkna$ti..... 
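
The quoted definition and the payload shape in the post above (a leading `">` that closes a quoted attribute before the script element), shown as an added example that is not part of the original posts or of the affected sites' code. The parameter name `q`, the `<input>` markup and both query strings are constructed for illustration; the second query string is the same payload percent-encoded, as in the first post's URL fragment.

```javascript
// Added example: a request parameter reflected into a quoted HTML attribute,
// first without output encoding, then with it.
// The parameter name "q" and the markup are hypothetical.

// Characters that are significant in HTML text and quoted attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the decoded parameter is concatenated straight into the markup,
// so a '"' in the value ends the attribute and '>' ends the tag.
function renderUnsafe(query) {
  const q = new URLSearchParams(query).get('q') || '';
  return '<input name="q" value="' + q + '">';
}

// Hardened: same markup, but the value is encoded for the HTML context on output.
// Encoding happens after URL decoding, so percent-encoded input is covered too.
function renderSafe(query) {
  const q = new URLSearchParams(query).get('q') || '';
  return '<input name="q" value="' + escapeHtml(q) + '">';
}

// True if the rendered markup contains a script element opened by the input.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed query strings: the payload quoted in the post, raw and percent-encoded.
const RAW = 'q="><script>alert(document.cookie);</script>&print=cpe';
const ENCODED = 'q=%22%3E%3Cscript%3Ealert(document.cookie)%3B%3C/script%3E&print=cpe';

for (const query of [RAW, ENCODED]) {
  console.log('unsafe:', renderUnsafe(query));
  console.log('safe:  ', renderSafe(query));
}
```

Both query strings decode to the same value, which is why the encoding belongs at the point of output rather than in a filter on the raw URL.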
