Ah yeah, not dumb :) Note: this one is nicer, you can feel the Japanese respect.

On 7 May 2013 19:42, Franck Paul <[email protected]> wrote:
> Plop? The swfupload XSS isn't completely fixed, see below.
>
> ---------- Forwarded message ----------
> From: mala <[email protected]>
> Date: 2013/5/7
> Subject: [Open Time] Fwd: XSS in dotclear
> To: [email protected]
>
>
>
> Hello,
>
> You have received a message from the contact page of your blog.
>
> Blog: Open Time
> Message from: mala <[email protected]>
> Website:
>
> Message:
> -----------------------------------------------------------
> ---------- Forwarded message ----------
> From: mala <[email protected]>
> Date: Sat, May 4, 2013 at 5:50 PM
> Subject: XSS in dotclear, dotclear.org
> To: [email protected]
>
>
> Dear dotclear security team,
>
> Hi, I'm a Japanese programmer/security researcher.
>
> This is the wrong method to fix the vuln.
> http://dev.dotclear.org/2.0/changeset/1115
>
> Example:
> http://dotclear.org/?pf=swfupload.swf#?&movieName="])}catch(e){alert(1)}//
>
>
>
>
>
> --
> Franck
>
> _______________________________________________
> Dev mailing list - [email protected] -
> http://ml.dotclear.org/listinfo/dev
>
