| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110926170731.GA25963@foo.fgeek.fi> Date: Mon, 26 Sep 2011 20:07:31 +0300 From: Henri Salo <henri@...v.fi> To: Amir@...st.ir Cc: bugtraq@...urityfocus.com Subject: Re: PunBB 1.3.6 bug On Sun, Sep 25, 2011 at 02:14:37PM +0000, Amir@...st.ir wrote: > ##################################################################################################################### > # # > # Islamic Republic Of Iran Security Team # > # # > # Www.IrIsT.Ir # > # # > ##################################################################################################################### > # # > # PunBB <== 1.3.6 Cross-Site Scripting Vulnerabilities # > # # > # Download......: http://punbb.informer.com/downloads.php#1.3.6 # > # # > # Bug Found.....: IrIsT? # > # # > # discovery.....: Am!r (IrIsT?) # > # # > # contact.......: Amir[at]IrIsT.ir # > # # > # Exploit.......: http://www.site.com/browse.php?keywords=[xss]&search=Search&projects=1&styles=1&forums=1 # > # # > # Google Search.: "Powered By PunBB" # > # # > # SP TNX........: B3HZ4D & satanicstar & SeCuRiTy & m3hdi & vahid4251 & all IrIsT members # > # & h4ckcity.org & phc.ir & all SP # > # # > ##################################################################################################################### You definately have an error here. There is no browse.php-file in PunBB installation. I don't know what your intentions were on reporting this, but definately false-positive as far as I can tell. Did you notice that several problems was fixed in this release? Regards, Henri Salo
Powered by blists - more mailing lists