lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <97c29c800704120516w7d961f13n8b087cebc55dca5e@mail.gmail.com>
Date: Thu, 12 Apr 2007 12:16:49 +0000
From: "nssimo nssimo" <nsimou@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Dotclear 1.* Cross Site Scripting Vulnerability

Dotclear 1.*  Cross Site Scripting Vulnerability


1--two cross site scripting vulnerabilities have been discovered in the
dotclear1.*  allowing a remote  attackers to hijack authenticated session
Workaround:
$post_id (trackback.php)
$tool_url(/tools/thememng/index.php)
are not filtered
2-Proof of Concepts:
dotclear/ecrire/trackback.php?post_id="><script>alert(document.cookie
);</script>

/ecrire/tools.php?tool_url=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&p=thememng


3-Disclosure timeline
05/04/2007   dotclear team contacted
10/04/2007  fixed

4-solution:
upgrade to dotclear 1.2.6
http://www.dotclear.net/

found by nassim
http://www.securlabs.com/

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ