Fwd: Re: Mailman: cross-site scripting bug
- To:
- Subject: Fwd: Re: Mailman: cross-site scripting bug
- From: Etienne Robillard <>
- Date: Mon, 27 Jan 2003 19:28:13 -0500 (EST)
--- Axel Beckert - ecos gmbh <[email protected]> wrote:
> From Axel Beckert - ecos gmbh Mon Jan 27 12:28:09 2003
> Date: Mon, 27 Jan 2003 21:28:09 +0100
> From: Axel Beckert - ecos gmbh <[email protected]>
> To: [email protected]
> Subject: Re: Mailman: cross-site scripting bug
>
> At Fri, Jan 24, 2003 at 12:32:37PM -0900, Leif Sawyer wrote:
> >
> > https://workserver//mailman/options/ak3barons?language=<SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
> >
> > returns:
> >
> > <h2>Error</h2><strong>Invalid options to CGI script.</strong>
> >
> > 2.0.11 doesn't seem to be vulnerable to this.
>
> Same counts for 2.0.13 on Apache 1.3.27.
>
> Kind regards, Axel Beckert
> --
> -------------------------------------------------------------
> Axel Beckert ecos electronic communication services gmbh
> Internetconnect * Webserver/-design/-datenbanken * Consulting
>
> Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
> E-Mail: [email protected] Voice: +49 6133 939-220
> WWW: http://www.ecos.de/ Fax: +49 6133 939-111
> -------------------------------------------------------------
=====
Unix - Live Free or Die!
--------------------------------
pub 1024D/3EE0743F 2002-12-01 Etienne Robillard <[email protected]>
Key fingerprint = E001 CAE6 4F1A D11E 72AB A7A3 C5B9 087A 3EE0 743F