lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 12 Jan 2006 13:15:03 +0200 From: "M.Neset KABAKLI" <neset@...iza.com> To: <bugtraq@...urityfocus.com> Subject: FogBugz Cross Site Scripting Vulnerability I.Vulnerability FogBugz Cross Site Scripting Vulnerability II.Vendor Fog Creek Software (www.fogcreek.com) III.Affected Systems - FogBugz (<= 4.029) IV.About FogBugz is a complete web based project management system for software teams. Designed by Joel Spolsky of Joel on Software fame (www.fogcreek.com). V.Description An attacker is able to inject HTML and client-side script codes to FogBugz login page by modifying dest variabe. An example crafted link can be found below. VI.Exploit http://[fogbugz.example.com]/default.asp?pg=pgLogon&dest=[XSS] VII.Vulnerability Status - Vulnerability discovered on 2005-12-11. - Vendor notified on 2005-12-13. - Patch released on 2005-12-13. VIII.Credits M.Neset KABAKLI, Wakiza Software Technologies (www.wakiza.com).
Powered by blists - more mailing lists