lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAGKQm=UpFo9GUt5-Lz7ojCNgfk9HbvqruKD-_gC5A7uD_3XZWg@mail.gmail.com> Date: Fri, 17 Jul 2015 01:53:21 -0300 From: Juan Martinez <gus70938@...il.com> To: "fulldisclosure@...lists.org" <fulldisclosure@...lists.org> Subject: [FD] weblogin software cross site request Hi, People i discover a cross site request in this Dork: intitle:weblogin intext:"This page will redirect you to:" This cross site request is exploit like this example: http://target/Login:%20Weblogin%20%20This%20page%20will%20redirect%20you%20to<%20 inject any word you want to screen in the webpage>. Or another Poc is for example: http:target?referer=<inject the word or number you want to like view in the page....>. I advice fix this bug because is very easy deface this webpages whith Product:WebLogin Best Regard. Rootktit Pentester. _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists