oss-sec mailing list archives
Re: Jara 1.6 SQL injection and XSS
From: Henri Salo <henri () nerv fi>
Date: Mon, 31 Oct 2011 18:14:53 +0200
On Mon, Oct 31, 2011 at 10:01:39AM -0600, Kurt Seifried wrote:
> On 10/30/2011 04:48 AM, Henri Salo wrote:
>> XSS: http://packetstormsecurity.org/files/106114/jara-sql.txt
>> Bug report to vendor: https://sourceforge.net/tracker/?func=detail&aid=3430384&group_id=294500&atid=1243901
>
> I assume here you are referring to the comment:
> "http://localhost/jara/search.php?term=<script>alert('Faille XSS')</script>"
>
> -Kurt

Yes, sorry for not clarifying that. There is also a report of XSS in:
http://www.bugsearch.net/en/12471/jara-16-xss-vulnerabilities.html

Best regards,
Henri Salo