oss-sec mailing list archives

Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history

From: Mateusz Goik <mateusz.goik () aliantsoft pl>
Date: Mon, 27 Feb 2012 17:11:32 +0100

Hi,

I would add it is possible - read / create files on users hdd. (using
the method - GET / PUT)
Tested on Backtrack 5 r1 (kadu 0.10.0 - compiled from source).

Mateusz Goik

Current thread:

Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history, (continued)
- - Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 28)
    - Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 28)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 28)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Marcus Meissner (Feb 29)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history cve-assign (Feb 29)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
- Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 27)
  - Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Mateusz Goik (Feb 27)
    - Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Mateusz Goik (Feb 27)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 27)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 27)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Kurt Seifried (Feb 28)
    - Re: Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history Rafał Malinowski (Feb 29)