[pLog-svn] [Fwd: Vulnerabilities in lifetype]
Matt
matt at woodzy.com
Tue Apr 18 14:24:03 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160
While skimming through bugtraq emails, I stumbled upon the attached...
Checked the forums/news, didn't see anything relating to this.
Probably should do some more filtering of what we pass smarty.
They seem like valid claims. Teaser...
http://127.0.0.1/lifetype/index.php?op=Template&blogId=1&show=%3Cscript%3Ealert(document.cookie)%3C/script%3E
- --
Matt (matt\ at\ woodzy.com) Public Key: woodzy.com/woodzy.gpg.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFERPaDF8zKARDlTE4RA6vxAJ4wk1rlzS3QVA/Dmz+xqTtroe7mjgCeJZAG
tw2ln8oODjPJ56CZzjgP/pI=
=xl+o
-----END PGP SIGNATURE-----
-------------- next part --------------
An embedded message was scrubbed...
From: crasher at kecoak.or.id
Subject: Vulnerabilities in lifetype
Date: Fri, 14 Apr 2006 13:45:10 +0700
Size: 3796
Url: http:// devel.lifetype.net/pipermail/plog-svn/attachments/20060418/348526bb/Vulnerabilitiesinlifetype-0001.eml
More information about the pLog-svn
mailing list