lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sun Mar 27 19:54:09 2005 From: corryl at sitoverde.com (CorryL) Subject: THai's Shoutbox XSS (Spoofing URL) BUG -=[--------------------ADVISORY-------------------]=- -=[ ]=- -=[ THai's Shoutbox ]=- -=[ ]=- -=[ Author: CorryL www.x0n3-h4ck.org ]=- -=[ ]=- -=[----------------------------------------------------]=- -=[+] Application: THai's Shoutbox -=[+] Version: not available -=[+] Vendor's URL: not available -=[+] Platform: Windows\Linux\Unix -=[+] Bug type: XSS spoofing url -=[+] Exploitation: Remote/Local -=[-] -=[+] Author: CorryL ~ corryl80[at]gmail[dot]com ~ -=[+] Reference: www.x0n3-h4ck.org ~ irc.xoned.net #x0n3-h4ck ..::[ Descriprion ]::.. THai's Shoutbox and' a small glass showcase where the consumers of his/her own site can leave messages, and' very easy to use and to install, it doesn't need database mysql ..::[ Bug ]::.. this application and' he/she cuts from a bug type XSS a remote attaccker it is able' to exploit this bug for spoofing a malignant url ..::[ Proof Of Concept ]::.. /shoutact.php?yousay=default&query=http://www.x0n3-h4ck.org /shoutact.php?yousay=default&name=default&query=http://www.x0n3-h4ck.org /shoutact.php?yousay=default&email=default&query=http://www.x0n3-h4ck.org /shoutact.php?yousay=default&email=default&name=default&query=http://www.x0n 3-h4ck.org ..::[ Workaround ]::.. Vendor not avaliable ..::[ Disclousure Timeline ]::.. [27/03/2005] - No patch relase from vendor (not avaliable) [27/02/2005] - Public disclousure CorryL corryl80@...il.com www.x0n3-h4ck.org Italian Security Team Fax (+39) 02700520894 Tel (+39) 06452215277 irc.xoned.net #x0n3-h4ck _________________________________ www.seekstat.it is your web stat
Powered by blists - more mailing lists