BugTraq
"$referer" export lead to the cross-site flaws in all versions of Discuz! Mar 24 2010 09:52AM
lis cker (liscker hotmail com)


hi;

All versions of Discuz! have the cross-site vulnerabilities because of the export value of "$referer".

Like:
Discuz! 7.X
Discuz! 6.X
Discuz! 5.X
Discuz!NT 3.X
and so on.


There are some htm pages in all versions of Discuz!, that are:
/templates/default/attachpay.htm
/templates/default...

Copyright 2010, SecurityFocus