lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060327084840.23461.qmail@securityfocus.com>
Date: 27 Mar 2006 08:48:40 -0000
From: botan@...uxmail.org
To: bugtraq@...urityfocus.com
Subject: CanfTool v1.1 Cross Site Scripting Attack


Cross Site Scripting Attack CanfTool v1.1

=========================================

Description : 

Conftool is a Web-based online system that was developed to supports many administrative tasks of conferences, workshops and seminars. It can help to make the management of events easier and much more efficient. ConfTool does not only support the submission/review-process, but also the registration of participants and many other tasks. 

Conftool is an open/shared-source system, technically mature and available under different licenses. 

We offer a free license of the standard version "VSIS ConfTool" for non-commercial conferences and events (i.e. only voluntary staff, less than 200 participants, student discounts). Please consider our license terms for non-commercial events. 

In addition to this, following products and services can be purchased:

Per-conference and per-site licenses of VSIS ConfTool for organizers of small to medium size events. 
ConfTool Pro, an extensively enhanced version of ConfTool suitable for organization of larger events and offering much more features. 
Professional support for ConfTool and ConfTool Pro. 
Modifications of the software to the specific needs of your event. 
Hosting of ConfTool and ConfTool Pro.
If you are interested in any of the above, please send a mail to info@...ftool.net with some information about your event. *

============================================

WebSite : http://www.conftool.net
============================================
Vulnerable :

http://www.example.com/[path]/index.php?page=<script>alert(document.cookie)</script>

============================================

Solution :

No patch Avaible, please useing other version
=============================================

Thanks : Patriotic Hackers members

Contact : irc.gigachat.net #kurdhack & www.PatrioticHackers.com


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ