Bugtraq mailing list archives
Wheatblog [multiple xss (post) & full path disclosure]
From: saps.audit () gmail com
Date: 9 Nov 2006 20:22:27 -0000
vendor site: http://wheatblog.sourceforge.net/
product: Wheatblog
bug: multiple xss (post) & full path disclosure
risk: medium

xss post:
/add_comment.php
vulnerable fields:
- Name
- WWW
- Comment
impact: an attacker can steal the cookie from every person who is viewing the comments.

full path disclosure:
/index.php?postPtr[]=1&next=1

laurent gaffié & benjamin mossé
http://s-a-p.ca/
contact: saps.audit () gmail com
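
Added example, not part of the advisory and not Wheatblog source code: one way to handle the three comment fields and the `postPtr` parameter named above on the defensive side. All function names and the sample row are hypothetical; it assumes comments are rendered as HTML, with the WWW field placed in a link.

```php
<?php
// Added example: hypothetical helpers, not Wheatblog source code.

// Escape a stored comment field at output time for an HTML context.
function esc_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The WWW field ends up in an href, so escaping alone is not enough:
// only absolute http/https URLs are allowed through.
function safe_url(string $url): ?string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return filter_var($url, FILTER_VALIDATE_URL) === false ? null : $url;
}

// Render one comment row (Name, WWW, Comment) as HTML.
function render_comment(array $row): string
{
    $name = esc_html($row['name'] ?? '');
    $url  = safe_url($row['www'] ?? '');
    $body = nl2br(esc_html($row['comment'] ?? ''));
    $who  = $url === null
        ? $name
        : '<a href="' . esc_html($url) . '" rel="nofollow">' . $name . '</a>';
    return "<div class=\"comment\"><strong>$who</strong><p>$body</p></div>";
}

// Read a query parameter that must be a non-negative integer. An array such
// as postPtr[]=1 is rejected here instead of reaching code that expects a scalar.
function int_param(array $query, string $key): ?int
{
    $raw = $query[$key] ?? null;
    return (is_string($raw) && ctype_digit($raw)) ? (int) $raw : null;
}

// Constructed sample input.
$row = ['name' => '<b>bob</b>', 'www' => 'javascript:alert(1)', 'comment' => "<script>x</script>\nhi"];
echo render_comment($row), "\n";
var_dump(int_param(['postPtr' => ['1']], 'postPtr'));
var_dump(int_param(['postPtr' => '1'], 'postPtr'));
```

Type checks cover the array case only; whether a warning ever shows a filesystem path to the client also depends on PHP's `display_errors` setting, which belongs off in production with errors sent to a log instead.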