[pLog-svn] [Fwd: Vulnerabilities in lifetype]

Oscar Renalias oscar at renalias.net
Wed Apr 19 09:41:43 GMT 2006


Nice to see that whoever discovered these vulnerabilities informed the
vendor first...

Oscar

On 4/18/06, Jon Daley <plogworld at jon.limedaley.com> wrote:
>         Verified, LT 1.1 is vulnerable.
>
> On Tue, 18 Apr 2006, Matt wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: RIPEMD160
> >
> > While skimming through bugtraq emails, I stumbled upon the attached...
> >
> > Checked the forums/news, didn't see anything relating to this.
> >
> > Probably should do some more filtering of what we pass smarty.
> >
> > They seem like valid claims. Teaser...
> > http://127.0.0.1/lifetype/index.php?op=Template&blogId=1&show=%3Cscript%3Ealert(document.cookie)%3C/script%3E
> >
> > - --
> > Matt (matt\ at\ woodzy.com)       Public Key: woodzy.com/woodzy.gpg.asc
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.2.2 (GNU/Linux)
> >
> > iD8DBQFERPaDF8zKARDlTE4RA6vxAJ4wk1rlzS3QVA/Dmz+xqTtroe7mjgCeJZAG
> > tw2ln8oODjPJ56CZzjgP/pI=
> > =xl+o
> > -----END PGP SIGNATURE-----
> >
>
> **************************************
> Jon Daley
> http://jon.limedaley.com/
>
> To generalize is to be an idiot.
> -- William Blake
>
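
The filtering suggested in the quoted message, as an added example that is not part of the original thread and is not LifeType code: the `show` value from the teaser URL is checked against an allow-list pattern before it would reach the template engine, and is HTML-escaped if it has to be echoed back. The function names and the template-name pattern are assumptions made for this illustration.

```php
<?php
// Added illustration; not LifeType code. Function names and the
// template-name pattern are assumptions made for this example.

// Assumption: a template name is a short identifier (letters, digits, '_', '-').
const TEMPLATE_NAME_PATTERN = '/\A[A-Za-z0-9_-]{1,64}\z/';

// Escape a value for an HTML text or quoted-attribute context.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Return the validated template name, or null when the parameter is missing,
// is not a string (e.g. show[]=x), or does not match the allow-list pattern.
function validated_template_name(array $query): ?string
{
    $show = $query['show'] ?? null;
    if (!is_string($show) || preg_match(TEMPLATE_NAME_PATTERN, $show) !== 1) {
        return null;
    }
    return $show;
}

// Build the variables that would be handed to the template engine
// (with Smarty, each pair would go through $smarty->assign()).
function template_vars(array $query): array
{
    $name = validated_template_name($query);
    if ($name === null) {
        // Never echo the rejected value raw; escape it if it must be shown.
        $shown = is_string($query['show'] ?? null) ? $query['show'] : '';
        return ['error' => 'Unknown template: ' . html_escape($shown)];
    }
    return ['template' => $name];
}

// The request from the message above, parsed the way PHP fills $_GET.
$url = 'http://127.0.0.1/lifetype/index.php?op=Template&blogId=1'
     . '&show=%3Cscript%3Ealert(document.cookie)%3C/script%3E';
parse_str((string) parse_url($url, PHP_URL_QUERY), $query);

print_r(template_vars($query));                  // request from the thread: rejected
print_r(template_vars(['show' => 'about-me']));  // constructed benign value: accepted
```

Validation at input and escaping at output are kept as separate steps here, so a value that slips past one still meets the other; in Smarty the output side can also be enforced in the template with the `escape` modifier.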

