BugTraq
RE: Mailman: cross-site scripting bug
Jan 24 2003 09:32PM
Leif Sawyer (lsawyer gci com)
Re: Mailman: cross-site scripting bug
Jan 27 2003 08:28PM
Axel Beckert - ecos gmbh (beckert ecos de)
At Fri, Jan 24, 2003 at 12:32:37PM -0900, Leif Sawyer wrote:
> https://workserver//mailman/options/ak3barons?language=<SCRIPT>ale
> rt('Can%20Cross%20Site%20Attack')</SCRIPT>
>
> returns:
>
> <h2>Error</h2><strong>Invalid options to CGI script.</strong>
>
> 2.0.11 doesn't seem to be vulnerable to this.

The same goes for 2.0.13 on Apache 1.3.27.

Kind regards, Axel Beckert
--
-------------------------------------------------------------
Axel Beckert ecos electronic communication services gmbh
Internetconnect * Webserver/-design/-datenbanken * Consulting
Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz
E-Mail: beckert (at) ecos (dot) de Voice: +49 6133 939-220
WWW: http://www.ecos.de/ Fax: +49 6133 939-111
-------------------------------------------------------------
Copyright 2010, SecurityFocus