Information Security




From: Brad Antoniewicz <brad.antoniewicz_(at)_foundstone.com>
Date: April 8, 2008
Subject: Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities

Title: Swiki 1.5 Multiple Cross-Site Scripting Vulnerabilities
Vendor URL: http://wiki.squeak.org/swiki
Vendor Contacted: Yes

Description:
Multiple stored and reflective cross-site scripting vulnerabilities were identified in Swiki 1.5.

Reflective (example):
http://[host]:8000/<script>alert("XSS");</script>

Stored (example):
On posts to 1.append when adding new entries into the wiki, the application does not properly escape
JavaScript code, resulting in a stored cross-site scripting attack.

Credit:
Brad Antoniewicz
brad.antoniewicz@foundstone.com
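
The two cases described above, shown next to the output encoding that neutralizes them. This is an added example, not part of the original advisory and not Swiki's own code; the in-memory page store, the function names and the error page that echoes the requested path are assumptions made for illustration.

```python
import html
from urllib.parse import unquote

# Constructed in-memory store standing in for the entries appended to wiki pages.
PAGES = {}

def _encoder(escape):
    # html.escape turns &, <, >, " and ' into entities so text cannot open a tag.
    return html.escape if escape else (lambda s: s)

def append_entry(page_id, text):
    """Keep the entry exactly as submitted; encoding is applied on output."""
    PAGES.setdefault(page_id, []).append(text)

def render_page(page_id, escape=True):
    """Render stored entries. escape=False reproduces the stored case."""
    enc = _encoder(escape)
    items = "".join(f"<li>{enc(entry)}</li>" for entry in PAGES.get(page_id, []))
    return f"<ul>{items}</ul>"

def render_not_found(raw_path, escape=True):
    """Error page echoing the requested path (assumed). escape=False reproduces the reflective case."""
    enc = _encoder(escape)
    return f"<h1>Not found</h1><p>{enc(unquote(raw_path))}</p>"

def has_live_script(markup):
    """True if an unencoded <script tag survives in the generated markup."""
    return "<script" in markup.lower()

if __name__ == "__main__":
    sample = '<script>alert("XSS");</script>'  # example string from the advisory
    append_entry(1, sample)
    for escape in (False, True):
        print("escape =", escape)
        print("  stored:   ", render_page(1, escape))
        print("  reflected:", render_not_found("/" + sample, escape))
```

Encoding at output time keeps the stored text unmodified, so entries already saved before the fix are also rendered safely.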
