[pLog-svn] [Fwd: Vulnerabilities in lifetype]

Jon Daley plogworld at jon.limedaley.com
Tue Apr 18 14:30:33 GMT 2006


Verified, LT 1.1 is vulnerable.

On Tue, 18 Apr 2006, Matt wrote:

> While skimming through bugtraq emails, I stumbled upon the attached...
>
> Checked the forums/news, didn't see anything relating to this.
>
> Probably should do some more filtering of what we pass smarty.
>
> They seem like valid claims. Teaser...
> http://127.0.0.1/lifetype/index.php?op=Template&blogId=1&show=%3Cscript%3Ealert(document.cookie)%3C/script%3E
>
> - --
> Matt (matt\ at\ woodzy.com)       Public Key: woodzy.com/woodzy.gpg.asc
>

**************************************
Jon Daley
http://jon.limedaley.com/

To generalize is to be an idiot.
-- William Blake
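
The filtering suggested in the quoted message, as an added PHP example that is not LifeType code and not part of the original thread: the `show` value is checked against an allowlist pattern and HTML-encoded before it reaches the template layer. The function names and the assumption that `show` holds a plain identifier are hypothetical.

```php
<?php
// Added example, not LifeType code. Function names are hypothetical.

/**
 * Allowlist check for a request value that names something to display.
 * Assumption: valid values are short identifiers (letters, digits, '_', '-').
 */
function filter_template_name(?string $raw): ?string
{
    if ($raw === null) {
        return null;
    }
    // Reject anything that is not a plain identifier instead of trying to repair it.
    return preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $raw) === 1 ? $raw : null;
}

/**
 * Output encoding for any request value that ends up in HTML,
 * applied before the value is handed to the template layer.
 */
function html_encode(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: an ordinary name, and the value from the teaser
// URL as PHP would deliver it in $_GET['show'] (already URL-decoded).
$samples = [
    'archives',
    '<script>alert(document.cookie)</script>',
];

foreach ($samples as $show) {
    $name = filter_template_name($show);
    if ($name === null) {
        // Error path: the rejected value is only ever echoed in encoded form.
        printf("rejected: %s\n", html_encode($show));
        continue;
    }
    // This is the point where the application would assign the value to the template.
    printf("accepted: %s\n", html_encode($name));
}
```

On the template side, Smarty's `escape` modifier (`{$show|escape:'html'}`) applies the same encoding to a variable at output time.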

