oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Stored XSS vulnerability in BlogoText <= 3.7.5

From: chbi () chbi eu
Date: Mon, 9 Oct 2017 19:51:02 +0200
FYI

After further investigation, I've discovered that with this XSS
vulnerability it is also possible, for an unauthenticated user, to
upload a simple php web shell to execute code on the server.


-- 
chbi
https://chbi.eu

GPG: 3DE9 9187 4BE9 EAE6 3CA8  DC20 BA7B 93F9 9037 AE7E
     https://chbi.eu/chbi.asc

Attachment: signature.asc
Description: OpenPGP digital signature

Previous By Date Next
Previous By Thread Next

Current thread: