lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20110926170731.GA25963@foo.fgeek.fi>
Date: Mon, 26 Sep 2011 20:07:31 +0300
From: Henri Salo <henri@...v.fi>
To: Amir@...st.ir
Cc: bugtraq@...urityfocus.com
Subject: Re: PunBB 1.3.6 bug

On Sun, Sep 25, 2011 at 02:14:37PM +0000, Amir@...st.ir wrote:
> #####################################################################################################################
> #                                                                                                                   #
> #                Islamic Republic Of Iran Security Team                                                             #
> #                                                                                                                   #
> #                           Www.IrIsT.Ir                                                                            #
> #                                                                                                                   #
> #####################################################################################################################
> #                                                                                                                   #
> # PunBB  <== 1.3.6  Cross-Site Scripting Vulnerabilities                                                            #
> #                                                                                                                   #
> # Download......: http://punbb.informer.com/downloads.php#1.3.6                                                     #
> #                                                                                                                   #
> # Bug Found.....: IrIsT?                                                                                            #
> #                                                                                                                   #
> # discovery.....: Am!r (IrIsT?)                                                                                     #
> #                                                                                                                   #
> # contact.......: Amir[at]IrIsT.ir                                                                                  #
> #                                                                                                                   #
> # Exploit.......: http://www.site.com/browse.php?keywords=[xss]&search=Search&projects=1&styles=1&forums=1          #
> #                                                                                                                   #
> # Google Search.: "Powered By PunBB"                                                                                #
> #                                                                                                                   #
> # SP TNX........: B3HZ4D & satanicstar & SeCuRiTy & m3hdi & vahid4251 & all IrIsT members                           #
> # & h4ckcity.org & phc.ir & all SP                                                                                  #
> #                                                                                                                   #
> #####################################################################################################################

You definately have an error here. There is no browse.php-file in PunBB installation. I don't know what your intentions were on reporting this, but definately false-positive as far as I can tell. Did you notice that several problems was fixed in this release?

Regards,
Henri Salo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ