| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 4 Oct 2009 15:47:15 +0000
From: Jaloh Smith <jal0h@...mail.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>
Subject: Re: Geeklog <= v1.6.0sr2 - Remote File Upload
>
> > Successful exploitation requires the ability to execute the uploaded JavaScript.
> > The Geeklog Forum program can be used as an attack vector since it does not
> > properly validate many $_GET / $_POST variables.
> Could you give us some more details about these XSS vulnerabilities ? :)
>
> Cause all I see here is a RCE in the admin panel.
> You confirm that there are XSS but we don't have any details about them...
The
easy one is when the forum allows anonymous posts and is configured for
text posts. The anonymous user name is never filtered, so you can put
anything there, including a reference to the javascript uploaded as the
user profile image..
<script src="../images/userphotos/username.jpg"></script>
_________________________________________________________________
Windows Live: Keep your friends up to date with what you do online.
http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_1:092010
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists