Re: Yet another XSS vulnerability in PHP NUKE

From: Muhammad Faisal Rauf Danka (mfrdat_private)
Date: Sat Sep 28 2002 - 05:20:57 PDT

Next message: skinnayat_private: "Jetty jsp/servlet engine xss / uname disclosure vuln"

Previous message: Ossian Vitek: "[VulnWatch] Re: Hacking Citrix Faq (+DEF CON presentation)"
Maybe in reply to: ersatzat_private: "Yet another XSS vulnerability in PHP NUKE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This XSS issue with the search field has already been discovered and published by Mark Grimes.

see the link:
http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-09/0289.html

Regards
--------
Muhammad Faisal Rauf Danka

Head of GemSEC / Chief Technology Officer
Gem Internet Services (Pvt) Ltd.
web: www.gem.net.pk
Key Id: 0x784B0202
Key Fingerprint: 6F8C EDCF 6C6E 06A5 48D7  6A20 C592 484B 
784B 0202

_____________________________________________________________
---------------------------
[ATTITUDEX.COM]
http://www.attitudex.com/
---------------------------

_____________________________________________________________
Select your own custom email address for FREE! Get youat_private w/No Ads, 6MB, POP & more! http://www.everyone.net/selectmail?campaign=tag

Next message: skinnayat_private: "Jetty jsp/servlet engine xss / uname disclosure vuln"
Previous message: Ossian Vitek: "[VulnWatch] Re: Hacking Citrix Faq (+DEF CON presentation)"
Maybe in reply to: ersatzat_private: "Yet another XSS vulnerability in PHP NUKE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sat Sep 28 2002 - 12:13:37 PDT