lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LNX.2.00.1507171804150.26955@forced.attrition.org> Date: Fri, 17 Jul 2015 18:05:44 -0500 (CDT) From: jericho <jericho@...rition.org> To: Full Disclosure <fulldisclosure@...lists.org> Subject: Re: [FD] weblogin software cross site request : Dork: intitle:weblogin intext:"This page will redirect you to:" A single site runs this 'WebLogin'. : Product:WebLogin What is the vendor URL? Or there is none, because this is a site-specific issue for lanl.gov. Worse, it has pretty aggressive filtering and will not render script tags, HTML tags, and requires the http:// element it seems. So this is a site specific issue, with no real value or merit, and doesn't apply to anyone else in the world? : Rootktit Pentester. Really? _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists