lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <Pine.LNX.4.64.0604262351190.31702@forced.attrition.org>
Date: Wed, 26 Apr 2006 23:55:46 -0400 (EDT)
From: security curmudgeon <jericho@...rition.org>
To: bugtraq@...urityfocus.com
Cc: qex@...mail.com
Subject: Re: Instant Photo Gallery <= Multiple XSS



: Discovered by: Qex 
: Date: 25 April 2006 
: 
: /member.php?action=viewpro&member=[XSS]

Can you confirm this? Doing a quick grep of the 1.0.2 source code finds no 
occurace of "viewpro" at all. The line above also happens to be exactly 
the same as your DevBB disclosure, suggesting this may be a bad cut/paste?

Additionally, in the subsequent posting you refer to additional scripts 
being affected:

/portfolio.php?cat_id=[XSS]
/portfolio_photo_popup.php?id=[XSS]

Secunia apparently wasn't able to validate all of the XSS but instead 
found one SQL injection issue: http://secunia.com/advisories/19813/

Can you confirm or clarify any of the above?



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ