TechSmog
Published: June 22, 2004 References: http://www.securityfocus.com/bid/10592/info http://www.securityfocus.com/archive/1/366757 Original Advisory: vendor: ArbitroWeb about: An anonymous web surfing proxy written in PHP. ArbitroWeb will redirect all web requests thru it's set of scripts, all URL's contained will be adjusted/mangled to it's own scripts. date: june 22nd, 2004 vendor status: ? problem: javascript can be injected into the /?rawURL= field... ex: www.server.com/?rawURL=<script>javascript:alert();</script> popups up ... Read More »
ArbitroWeb XSS Advisory
