Then again, they haven't even noticed that a 2.5 has been released, so we let it slide, right?
Franck

2013/4/10 Dsls <[email protected]>

> Can we tell them once and for all that the file in question
> is not accessible?
> On 10 Apr 2013 07:32, "Dotclear (contact)" <[email protected]> wrote:
>
>> FYI
>>
>> Franck
>>
>> ---------- Forwarded message ----------
>> From: MustLive <[email protected]>
>> Date: 2013/4/9
>> Subject: XSS and CS vulnerabilities in Dotclear
>> To: [email protected]
>>
>> *Hello developers of Dotclear!*
>>
>> In January I informed you about multiple vulnerabilities in
>> Dotclear. You have lamerly ignored my letter and haven't fixed these holes.
>>
>> I wrote to you about Cross-Site Scripting and Content Spoofing
>> vulnerabilities in flash-files in your engine. Dotclear has three swf files
>> (according to your site http://dev.dotclear.org/2.0/browser/inc/swf), I
>> suppose the last version, Dotclear 2.4.4, too. And these files are vulnerable to
>> XSS and CS, so your engine has these holes.
>>
>> Now I'll give you more vulnerabilities in SWFUpload, in addition to the
>> previous XSS hole, which I'll be disclosing together with the previous
>> vulnerabilities in all three swf-files in Dotclear.
>>
>> These are new Cross-Site Scripting and Content Spoofing vulnerabilities
>> in your engine. I already wrote about these holes in March in my
>> advisories concerning SWFUpload (
>> http://seclists.org/fulldisclosure/2013/Mar/110 and
>> http://seclists.org/fulldisclosure/2013/Mar/116). If you had fixed the
>> previous hole in SWFUpload in January, when I first informed you, then
>> you would also have fixed these holes.
>>
>> *Content Spoofing (WASC-12):*
>>
>> http://site/inc/swf/swfupload.swf?buttonText=test%3Cimg%20src=%27http://demo.swfupload.org/v220/images/logo.gif%27%3E
>>
>> It's possible to inject text, images and HTML (e.g. for link injection).
>>
>> *Cross-Site Scripting (WASC-08):*
>>
>> http://site/inc/swf/swfupload.swf?buttonText=%3Ca%20href=%27javascript:alert(document.cookie)%27%3EClick%20me%3C/a%3E
>>
>> Code will execute after a click. It's strictly social XSS.
>>
>> As with the previous holes, all versions of Dotclear are vulnerable to
>> these ones - Dotclear 2.4.4 and previous versions.
>>
>> Best wishes & regards,
>> Eugene Dokukin aka MustLive
>> Administrator of Websecurity web site
>> http://websecurity.com.ua
>>
>> _______________________________________________
>> Dev mailing list - [email protected] -
>> http://ml.dotclear.org/listinfo/dev
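A defender-side check for the requests described in the forwarded advisory, as an added example that is not part of the original thread or of Dotclear's code: it scans access-log lines for `swfupload.swf` requests whose `buttonText` parameter carries markup or a `javascript:` URI. The combined log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line of a combined-format access log entry (format is an assumption).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')
# A button label should be plain text: flag any tag opener or javascript: URI.
SUSPICIOUS = re.compile(r"<\s*[a-z!/]|javascript\s*:", re.IGNORECASE)

def flag_button_text(log_line):
    """Return the decoded buttonText value when a request to swfupload.swf
    carries markup or a javascript: URI in it; otherwise return None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/swfupload.swf"):
        return None
    # parse_qs percent-decodes each value once.
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        if name.lower() != "buttontext":  # case-insensitive to be conservative
            continue
        for value in values:
            if SUSPICIOUS.search(value):
                return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = flag_button_text(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Apr/2013:07:40:01 +0200] "GET /inc/swf/swfupload.swf?buttonText=Upload HTTP/1.1" 200 12876 "-" "-"',
    '192.0.2.11 - - [10/Apr/2013:07:41:13 +0200] "GET /inc/swf/swfupload.swf?buttonText=%3Cimg%20src=%27x.gif%27%3E HTTP/1.1" 200 12876 "-" "-"',
    '192.0.2.12 - - [10/Apr/2013:07:42:55 +0200] "GET /inc/swf/swfupload.swf?buttonText=%3Ca%20href=%27javascript:void(0)%27%3Ego%3C/a%3E HTTP/1.1" 200 12876 "-" "-"',
    '192.0.2.13 - - [10/Apr/2013:07:43:20 +0200] "GET /index.php?buttonText=%3Cb%3E HTTP/1.1" 200 5120 "-" "-"',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious buttonText {value!r}")
```

Hits only show that such a URL was requested; whether the file is actually reachable on a given install is a separate check.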
