Date: Mon, 9 Jun 2008 17:46:02 +0200
From: "MC Iglo" <mc.iglo@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: persistant XSS, Manipulation of Data and privileg escalation in gpotato.eu forums

Hi all,

the forums of gpotato.eu are prone to multiple different vulnerabilities.

Timeline for XSS:
14. May: notified gpotato.eu, stating that there are security holes in their forum I could use to steal login information
15. May: response: there is no bug in the forum, and as the login information is encrypted, there is no problem
15. May: sending example: <scr<script>ipt>alert(document.cookie);</scr</script>ipt>
16. May: response: Ok, there was a bug when User has IE (bullshit, but example code doesn't work anymore)
16. May: sent next example: <p onmouseover='alert(document.cookie);'>blabla</p>
no more response. It doesn't work this way anymore, but my code is still sent to the site and only gets enclosed as title="mycode". Still might be vulnerable.

I don't have a timeline for manipulation and escalation, but I have told them several times now.
It was possible to reply to closed threads, which seems to be fixed now.
But for the same time, they have known that anyone (logged in) can edit anybody's postings, which is still unfixed.

http://t*nyurl.com/5ovmr7

regards
MC.Iglo

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
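
Added example, not part of the original message and not gpotato.eu's code: why the first sample in the timeline survives a filter that deletes <script> tags in a single pass, and how encoding on output renders both quoted samples as inert text, including inside a title="..." attribute. The single-pass filter is an assumption about how the forum handled input, and all function names are hypothetical.

```javascript
// ASSUMED filter (hypothetical, not the forum's real code):
// delete every literal <script> / </script> tag, one pass only.
function stripScriptTagsOnce(input) {
  return input.replace(/<\/?script>/gi, "");
}

// Output encoding: escape the five HTML-significant characters so user
// text stays text in element content and in quoted attribute values.
function escapeHtml(input) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(input).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical render helpers for the two contexts the message mentions:
// the post body and a title="..." attribute.
function renderPostBody(text) {
  return '<div class="post">' + escapeHtml(text) + "</div>";
}
function renderTitleAttr(text) {
  return '<span title="' + escapeHtml(text) + '">post</span>';
}

// The two samples exactly as quoted in the message above.
const SAMPLE_NESTED = "<scr<script>ipt>alert(document.cookie);</scr</script>ipt>";
const SAMPLE_HANDLER = "<p onmouseover='alert(document.cookie);'>blabla</p>";

// Removing the inner tags joins the outer fragments into a complete tag,
// and a tag blacklist never looks at event-handler attributes at all.
const afterFilterNested = stripScriptTagsOnce(SAMPLE_NESTED);
const afterFilterHandler = stripScriptTagsOnce(SAMPLE_HANDLER);

// Encoding at output time does not depend on recognising any tag.
const safeBody = renderPostBody(SAMPLE_NESTED);
const safeTitle = renderTitleAttr(SAMPLE_HANDLER);

console.log("filtered nested :", afterFilterNested);
console.log("filtered handler:", afterFilterHandler);
console.log("encoded body    :", safeBody);
console.log("encoded title   :", safeTitle);
```

Encoding belongs at the point where stored text is written into the page; input filters like the one assumed here have to anticipate every markup variant, while the encoder only has to know the output context.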