Message-ID: <20061121201250.13378.qmail@securityfocus.com>
Date: 21 Nov 2006 20:12:50 -0000
From: saps.audit@...il.com
To: bugtraq@...urityfocus.com
Subject: JiRos Links Manager[injection sql & xss permanent]

vendor site: http://www.jiros.net/
product: JiRos Links Manager
bug: injection sql & xss
risk: medium

injection sql:
/openlink.asp?LinkID='[sql]
/viewlinks.asp?CategoryID='[sql]

xss permanent (post):
in: /submitlink.asp
-Link Name:
-Link URL:
-Link Image:
-Link Description:

those xss are really dangerous, because an admin needs to approve the link, so he is going to get his cookie stolen directly when he logs into the administration panel

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit@...il.com
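
Added example, not part of the original post and not the vendor's code: a sketch of the two mitigations for the issues reported above, strict ID parsing with a bound query parameter for LinkID/CategoryID, and output encoding of the submitted link fields where an administrator reviews them. The product itself is classic ASP; the Python functions, the `links` table and its columns are assumptions made for illustration.

```python
import html
import sqlite3
from urllib.parse import urlsplit

def parse_id(raw):
    """Accept only a short ASCII decimal ID, as LinkID / CategoryID should be."""
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("invalid id")
    return int(raw)

def get_link(db, raw_link_id):
    # Placeholder binding keeps the request value out of the SQL text.
    cur = db.execute(
        "SELECT name, url, image, description FROM links WHERE id = ?",
        (parse_id(raw_link_id),))
    return cur.fetchone()

def safe_url(value):
    """Allow only absolute http(s) URLs; anything else renders as '#'."""
    value = value.strip()
    parts = urlsplit(value)
    if parts.scheme in ("http", "https") and parts.netloc:
        return value
    return "#"

def render_pending(row):
    """HTML for one submitted link in a hypothetical admin approval list."""
    name, url, image, description = row
    return '<li><a href="{}">{}</a> <img src="{}" alt=""> <p>{}</p></li>'.format(
        html.escape(safe_url(url), quote=True),    # Link URL
        html.escape(name),                         # Link Name
        html.escape(safe_url(image), quote=True),  # Link Image
        html.escape(description))                  # Link Description

def demo():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE links "
               "(id INTEGER PRIMARY KEY, name, url, image, description)")
    # Constructed submission: markup or a bad URL in every field.
    db.execute("INSERT INTO links VALUES (1, ?, ?, ?, ?)",
               ("<b>x</b>", "javascript:void(0)",
                'http://e.example/a.png" title="x', "<i>d</i>"))
    return db, render_pending(get_link(db, "1"))
```

The stored values are left unchanged in the database; encoding happens at render time, so the same protection applies to every page that displays a submitted link, including the administration panel.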