lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <BAY20-F38DF1B94C4E8BEF9FC438EB550@phx.gbl>
Date: Wed, 09 Aug 2006 13:32:52 +0000
From: "HeLiOsZ RooT" <heliosz_time@...mail.com>
To: bugtraq@...urityfocus.com
Subject: Dragonfly CMS 9.0.6.1 and prior XSS 

## HeLiOsZ - Dark End Team - Internet Security Team
## Dragonfly CMS 9.0.6.1 and prior XSS

## IRC: darkend.sytes.net #darkend , http://darkend.sytes.net & 
http://www.darkend.org
## Rish : Medium
## Type : web applet

## Creator: http://www.cpgnuke.com/

## Exploit:
- The vuln is in the search section,it don't validate the imput.
  To exploit this vuln you simply need an Internet Browser,you must only use 
a cookie
  logger to get the Portal cookies.
  To know if it is vulnerable: <script>alert('This is an XSS 
Vulnerability')</script>

## Dork: Interactive software released under GNU GPL, Code Credits, Privacy 
Policy

_________________________________________________________________
Don't just search. Find. Check out the new MSN Search! 
http://search.msn.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ