----- Forwarded message from Aviram Jenik <[EMAIL PROTECTED]> ----- Date: Tue, 1 Jul 2003 07:35:38 +0300 From: Aviram Jenik <[EMAIL PROTECTED]> Organization: Beyond Security Ltd. User-Agent: KMail/1.5.2 To: Muli Ben-Yehuda <[EMAIL PROTECTED]> Subject: Cross Site Scripting Attack on IGLU
Hi, The first thing to do is delete this post (http://www.iglu.org.il:8080/Control_Panel/Products/Squishdot/IGLU/1055621120/index_html). However, keep in mind that you need to access this page with cookies disabled, or else they will get your administrative cookie! Then, check who isn't filtering the <script> tags: is it an iglu specific problem, or a certain product problem? Keep me posted. -- Regards, Aviram Jenik Beyond Security Ltd. http://www.BeyondSecurity.com http://www.SecuriTeam.com Know that you're safe: http://www.AutomatedScanning.com ----- End forwarded message ----- -- Muli Ben-Yehuda http://www.mulix.org http://www.livejournal.com/~mulix/
pgp00000.pgp
Description: PGP signature
