| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <43DEB43D.6040602@f-box.org> Date: Tue, 31 Jan 2006 00:50:05 +0000 From: Dan B UK <dan-fd@...ox.org> To: zeus olimpusklan <zeus.olimpusklan@...il.com> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, org@...urity.nnov.ru, admin@...e-h.org Subject: Re: ashnews Cross-Site Scripting Vulnerability Hi zeus, Did you even look at the source code for this script. If you had then you would see that in the case of register_global's being turned on there is a bigger issue to worry about; Remote/Local File Inclusion - Server side. I have just managed to examine the source code on a few servers in under 10 minutes; from start to finish. (I know that cookie stealing is an issue; and evil JavaScript can do a lot. But if you can alter the server files then there is an even greater issue!) Due to the nature of the issue I am not disclosing the detail of it until the writer of the software has updated it; maybe you could have waited?? A vulnerability that allows privileges of the apache user within the limitations of how much PHP has been locked down. Cheers, Dan. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists