| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <45F48C77.5050406@katamail.com> Date: Mon, 12 Mar 2007 00:10:47 +0100 From: ascii <ascii@...amail.com> To: Paul Laudanski <paul@...tlecops.com> Cc: vuln@...urity.nnov.ru, webappsec@...ts.owasp.org, news@...uriteam.com, full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, vulnwatch@...nwatch.org Subject: Re: Php Nuke POST XSS on steroids Paul Laudanski wrote: > I tried both your scripts at a few locations, and all I get back is this [cut] hi Paul, long time from ccc : ) it happens because http headers must be on a single line, it's a formatting issue (my fault, i used to put a link to a plain text version but this time i forgot about it), i've just created a txt version of the advisory available here: http://phpfi.com/214668 it should be more usable, i dunno when the demos will stop working on phpnuke.org so i've asked wisec to upload this video since www.ush.it has bandwidth issues http://www.wisec.it/ush/phpnukexss.html obviously to bypass the anti-CSRF filter you have to mix the XSS with the import_request_variables() trick (this doesn't work on phpnuke.org because they have globals on, this is why i choose that domain) consider that import_request_variables() will allows you to do much more than an XSS, this is just an example advisory on an example product See you, Francesco `ascii` Ongaro http://www.ush.it/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists