[Précédent (date)] [Suivant (date)] [Précédent (sujet)] [Suivant (sujet)] [Index par date] [Index par sujet]

Fwd: Re: Mailman: cross-site scripting bug



 --- Axel Beckert - ecos gmbh <[email protected]> wrote:
> From Axel Beckert - ecos gmbh Mon Jan 27 12:28:09
> 2003
> Date: Mon, 27 Jan 2003 21:28:09 +0100
> From: Axel Beckert - ecos gmbh <[email protected]>
> To: [email protected]
> Subject: Re: Mailman: cross-site scripting bug
> 
> At Fri, Jan 24, 2003 at 12:32:37PM -0900, Leif
> Sawyer wrote:
> >
>
https://workserver//mailman/options/ak3barons?language=&lt;SCRIPT&gt;ale
> > rt('Can%20Cross%20Site%20Attack')&lt;/SCRIPT&gt;
> > 
> > returns:
> > 
> > <h2>Error</h2><strong>Invalid options to CGI
> script.</strong>
> > 
> > 2.0.11 doesn't seem to be vulnerable to this.
> 
> Same counts for 2.0.13 on Apache 1.3.27.
> 
>             Kind regards, Axel Beckert
> -- 
>
-------------------------------------------------------------
> Axel Beckert      ecos electronic communication
> services gmbh
> Internetconnect * Webserver/-design/-datenbanken *
> Consulting
> 
> Post:       Tulpenstrasse 5         D-55276 Dienheim
> b. Mainz
> E-Mail:     [email protected]         Voice:   +49
> 6133 939-220
> WWW:        http://www.ecos.de/     Fax:     +49
> 6133 939-111
>
------------------------------------------------------------- 

=====
Unix - Live Free or Die!
--------------------------------
pub  1024D/3EE0743F 2002-12-01 Etienne Robillard <[email protected]>
        Key fingerprint = E001 CAE6 4F1A D11E 72AB  A7A3 C5B9 087A 3EE0 743F

______________________________________________________________________ 
Post your free ad now! http://personals.yahoo.ca