| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 11 Apr 2006 20:26:06 -0000 From: d4igoro@...il.com To: bugtraq@...urityfocus.com Subject: Tritanium Bulletin Board 1.2.3 - XSS Tritanium Bulletin Board 1.2.3 - XSS Vulnerabilities -------------------------------------------------------- Software: Tritanium Bulletin Board 1.2.3 Version: 1.2.3 Type: Cross Site Scripting Vulnerability Date: Die Apr 11 21:57:50 CEST 2006 Vendor: tritanium Page: http://www.tritanium-scripts.com/ Risc: Low credits: ---------------------------- d4igoro - d4igoro[at]gmail[dot]com http://d4igoro.blogspot.com/ vulnerability: ---------------------------- register_globals On http://[target]/index.php?faction=register&newuser_name=[XSS] http://[target]/index.php?faction=register&newuser_email=[XSS] http://[target]/index.php?faction=register&newuser_hp=[XSS] solution: ---------------------------- register.php line 26-33 : better validating notes: ---------------------------- The vendor has been informed. googledork: ---------------------------- "2001/2002 Tritanium Scripts"
Powered by blists - more mailing lists