Begin forwarded message:
From: Hal Eden <[EMAIL PROTECTED]>
Date: March 5, 2008 2:59:08 PM MST
To: "Guzdial, Mark" <[EMAIL PROTECTED]>
Subject: Re: [Pws] FW: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting
what he's saying is that if you access the url: (here is a concrete
example)
http://swiki.cs.colorado.edu:3232/<script>alert("XSS");</script>
it pops up an alert with a message specified by the site of the
originating link (not by the swiki)
hal
On Mar 5, 2008, at 2:31 PM, Guzdial, Mark wrote:
I'm not even sure I grok the question...
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of [EMAIL PROTECTED]
Sent: Wed 3/5/2008 4:23 PM
To: [EMAIL PROTECTED]
Subject: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting
Swiki-Bugs,
FYI there is a XSS vuln in Swiki 1.5 exploitable by:
http://[host]:8000/<script>alert("XSS");</script>
I would like to post to bugtraq so please let me know when it has been
fixed! Thanks!
--
Brad Antoniewicz
Senior Security Consultant
Foundstone Professional Services
A Division of McAfee
http://www.foundstone.com
[EMAIL PROTECTED]
(O) 646.728.1493
(C) 347.801.5864
(F) 212.869.6720
1133 Avenue of the Americas
New York, NY 10036
PGP Key: http://www.foundstone.com/us/pgpkeys/bradantoniewicz.asc
Blog: http://www.avertlabs.com/research/blog/
_______________________________________________
Swiki-bugs mailing list
[EMAIL PROTECTED]
https://mailman.cc.gatech.edu/mailman/listinfo/swiki-bugs
_______________________________________________
Pws mailing list
Pws@cc.gatech.edu
https://mailman.cc.gatech.edu/mailman/listinfo/pws
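
The behaviour described in the thread above (markup placed in the URL path comes back in the response and runs in the visitor's browser) is shown here as an added example in Python; it is not Swiki's code and not from any of the correspondents. It assumes the server copies the requested path into a "not found" page; the template, function names, and headers are hypothetical.

```python
import html
from urllib.parse import unquote

# Constructed input: the path from the report, percent-encoded as a browser
# would send it on the wire.
SAMPLE_PATH = "/%3Cscript%3Ealert(%22XSS%22);%3C/script%3E"

# Hypothetical error page template (assumption, not Swiki's actual markup).
TEMPLATE = "<html><body><h1>Not found</h1><p>No page named {name}</p></body></html>"


def render_unescaped(raw_path):
    """Assumed vulnerable pattern: the decoded path is copied into the HTML."""
    return TEMPLATE.format(name=unquote(raw_path).lstrip("/"))


def render_escaped(raw_path):
    """Same page, with the path HTML-escaped at the point of output."""
    name = html.escape(unquote(raw_path).lstrip("/"), quote=True)
    return TEMPLATE.format(name=name)


def respond(raw_path):
    """Build the hardened response: escaped body plus defence-in-depth headers."""
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        # Blocks inline script even if an escaping call is missed elsewhere.
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
        "X-Content-Type-Options": "nosniff",
    }
    return "404 Not Found", headers, render_escaped(raw_path)


if __name__ == "__main__":
    print(render_unescaped(SAMPLE_PATH))  # markup reaches the page intact
    print(render_escaped(SAMPLE_PATH))    # markup is rendered as inert text
```

Escaping belongs at every point where request data is written into HTML; the response headers only limit the damage if one such point is missed.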