Open Source and information security mailing list archives
Message-ID: <ad1ac4482dfc62c3f3500ee14ea503b2@imap.1und1.de>
Date: Mon, 16 Jun 2008 09:38:32 +0000
From: Moritz Naumann <security@...itz-naumann.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Advisory: SANS CMS fails to sanitize web scripting

Some Monday morning fun:

SANS content management system fails to properly sanitize user inputs, allowing for injection of malicious web script or HTML. Prior authentication is required, limiting this issue to blog posts by people with malicious intentions or who don't know what they're doing.

POC here: http://isc.sans.org/diary.html?storyid=4565
Search the source code for 'adsitelo' (without quotes).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
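The class of bug described above is stored cross-site scripting: post content submitted by an authenticated author is rendered back to readers without being encoded or sanitized. The usual fix on the rendering side is either to HTML-escape the whole body (when no markup is wanted) or to pass it through an allow-list sanitizer that keeps a small set of harmless tags and drops everything else, including event-handler attributes and non-http(s) link targets. The following is an added illustration written for this archive page; it is not code from the advisory, from SANS, or from the affected CMS, and the tag allow-list, the function names and the sample post body are all constructed for the example.

```python
"""Allow-list HTML sanitizer and plain escaper for user-supplied blog content.

Constructed example (not the affected CMS's code). Uses only the standard library.
"""
import html
from html.parser import HTMLParser

# Constructed allow-list: inline formatting, paragraphs, line breaks and links only.
ALLOWED_TAGS = {"p", "b", "i", "em", "strong", "a", "br"}
ALLOWED_ATTRS = {"a": {"href"}}
SAFE_URL_SCHEMES = ("http://", "https://", "mailto:")


class AllowListSanitizer(HTMLParser):
    """Re-serialises only allowed tags/attributes; all text is re-escaped."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_tags = []

    def handle_starttag(self, tag, attrs):
        if tag not in ALLOWED_TAGS:
            return  # drop the tag itself; its text content still flows through handle_data
        kept = []
        for name, value in attrs:
            if value is None or name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops onclick=, style=, etc.
            if name == "href" and not value.strip().lower().startswith(SAFE_URL_SCHEMES):
                continue  # drops javascript:, data: and other non-navigational URLs
            kept.append(f' {name}="{html.escape(value, quote=True)}"')
        if tag == "br":
            self.out.append("<br>")  # void element, nothing to close
            return
        self.out.append(f"<{tag}{''.join(kept)}>")
        self.open_tags.append(tag)

    def handle_endtag(self, tag):
        if tag not in self.open_tags:
            return  # unmatched or disallowed closing tag is simply dropped
        while self.open_tags:
            closed = self.open_tags.pop()
            self.out.append(f"</{closed}>")
            if closed == tag:
                break

    def handle_data(self, data):
        # convert_charrefs=True hands us decoded text, so escape it once on the way out.
        self.out.append(html.escape(data, quote=False))

    # Comments and processing instructions are ignored (default no-op handlers).

    def result(self):
        while self.open_tags:  # close anything the author left open
            self.out.append(f"</{self.open_tags.pop()}>")
        return "".join(self.out)


def sanitize_html(untrusted):
    """Return markup containing only allow-listed tags and attributes."""
    parser = AllowListSanitizer()
    parser.feed(untrusted)
    parser.close()
    return parser.result()


def render_plain(untrusted):
    """Alternative when no markup is wanted: encode everything as text."""
    return html.escape(untrusted, quote=True)


if __name__ == "__main__":
    # Constructed sample post body mixing legitimate formatting with script injection.
    body = '<p onclick="x()">Hi <b>there</b> <script>alert(1)</script>' \
           '<a href="javascript:alert(1)">link</a></p>'
    print(sanitize_html(body))
    print(render_plain(body))
```

Two design points worth noting: the parser works on the decoded text stream and re-escapes it, so pre-encoded entities in the input cannot smuggle markup through, and the allow-list is applied to attributes as well as tags, since a permitted `<a>` with an unchecked `href` is still a script injection vector.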