Re: Elkapax CMS Cross site scripting vulnerability
From: security curmudgeon <jericho attrition org>
To: faghani nsec ir
Cc: bugtraq securityfocus com
Subject: Re: Elkapax CMS Cross site scripting vulnerability
Date: Tue - Aug 18, 2009 10:30 PM

: Title: Elkapax CMS Multiple Vulnerabilities
:
: Vendor: www.elkapax.com
: Fix: N/A
: Elkapax is a CMS producer in Iran. Search page in Elkapax CMS
:
: product are vulnerable to XSS vulnerability.
:
: Cross Site Scripting vulnerability in Search page in "q" parameter.
:
: http://example.com/?q=<script>alert(123)</script>&mode=2
:
: Solution:
:
: Input validation of Parameter "q" should be corrected.
:
: Credit:
:
: Isfahan University of Technology - Computer Emergency Response Team
:
: Thanks to : N. Fathi, E. Jafari, M. R. Faghani

So a University of Technology maintains a CERT team, that discloses the
most basic of XSS flaws, and you cannot even figure out which script is
affected?

You thank three people, presumably for help in this discovery or advisory.
On top of that, you disclose this without a solution other than "sanitize
input" in so many words.

I believe you have done worse than any of the random <script> pasting
kiddies flooding the list for the last ten years.

- security curmudgeon
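
Added example, not part of the original thread and not Elkapax code: a sketch of what a concrete fix for a reflected "q" search parameter looks like, with the value encoded for each output context rather than filtered on input. The page layout, the function names and the second sample value are assumptions; the first sample value is the proof-of-concept string from the quoted advisory.

```python
import html
from urllib.parse import quote

# Sample inputs, constructed for this example.
POC_Q = "<script>alert(123)</script>"        # string from the quoted advisory
QUOTED_Q = 'say "hello" & <b>wave</b>'       # benign value with quotes and markup


def render_vulnerable(q: str) -> str:
    """Hypothetical search page that reflects q verbatim (the reported pattern)."""
    return (
        f'<form><input name="q" value="{q}"></form>\n'
        f"<p>Results for {q}</p>\n"
        f'<a href="/?q={q}&mode=2">next page</a>'
    )


def render_hardened(q: str) -> str:
    """Same page, with q encoded for every context it is written into."""
    # HTML text node and quoted attribute: escape & < > " '
    enc = html.escape(q, quote=True)
    # URL query component: percent-encode the value, then HTML-escape the
    # whole URL because it is itself placed inside an attribute.
    href = html.escape("/?q=" + quote(q, safe="") + "&mode=2", quote=True)
    return (
        f'<form><input name="q" value="{enc}"></form>\n'
        f"<p>Results for {enc}</p>\n"
        f'<a href="{href}">next page</a>'
    )


def reflects_raw(page: str, q: str) -> bool:
    """Regression check: True if the raw value appears unencoded in the page."""
    return q in page


if __name__ == "__main__":
    for value in (POC_Q, QUOTED_Q):
        print(repr(value),
              "vulnerable reflects raw:", reflects_raw(render_vulnerable(value), value),
              "hardened reflects raw:", reflects_raw(render_hardened(value), value))
```

The reflects_raw check is suitable as a regression test once the affected script has been identified.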