On Tue, Jul 01, 2003 at 09:49:11AM +0300, Muli Ben-Yehuda wrote:
> ----- Forwarded message from Aviram Jenik <[EMAIL PROTECTED]> -----
>
> Date: Tue, 1 Jul 2003 07:35:38 +0300
> From: Aviram Jenik <[EMAIL PROTECTED]>
> Organization: Beyond Security Ltd.
> User-Agent: KMail/1.5.2
> To: Muli Ben-Yehuda <[EMAIL PROTECTED]>
> Subject: Cross Site Scripting Attack on IGLU
>
> Hi,
>
> The first thing to do is delete this post
> (http://www.iglu.org.il:8080/Control_Panel/Products/Squishdot/IGLU/1055621120/index_html).
>
> However, keep in mind that you need to access this page with cookies
> disabled, or else they will get your administrative cookie!
>
The version of Zope on IGLU is quite old. 2.1-something, IIRC. The
version of Squishdot is probably almost as old. Upgrade? Replace with
something else (that people here know how to maintain)? This question
has arisen several times in the past.

-- 
Tzafrir Cohen                       +---------------------------+
http://www.technion.ac.il/~tzafrir/ |vim is a mutt's best friend|
mailto:[EMAIL PROTECTED]            +---------------------------+
