[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities

To: YGN Ethical Hacker Group <lists@xxxxxxxx>
Subject: Re: [Full-disclosure] Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities
From: "Zach C." <fxchip@xxxxxxxxx>
Date: Tue, 28 Jun 2011 01:04:03 -0700

On Mon, Jun 27, 2011 at 8:04 PM, YGN Ethical Hacker Group <lists@xxxxxxxx>wrote:

>
> The XSS results are from purely blackbox scan on Mambo 4.6.5.
>
>
Wait, so you're telling me that you're running some program to find these
and then just reporting the results to this list? If so, please give some
credit to the program's author for actually finding these!

Or, if you mean you're just blindly throwing XSS attacks at random variables
hoping to find one that sticks... well, why hasn't a script been written for
this yet? (Or if one has, what's it called?)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities
  - From: YGN Ethical Hacker Group
- Re: [Full-disclosure] Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities
  - From: Jacqui Caren-home
- Re: [Full-disclosure] Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities
  - From: YGN Ethical Hacker Group

Prev by Date: Re: [Full-disclosure] Joomla! 1.6.3 and lower | Multiple Cross Site Scripting (XSS) Vulnerabilities
Next by Date: [Full-disclosure] INSECT Pro - Advisory 2011 0628 - SQL Injection - XSS - RGBoard 2.2
Previous by thread: Re: [Full-disclosure] Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities
Next by thread: [Full-disclosure] [SECURITY] CVE-2011-2204 - Apache Tomcat information disclosure
Index(es):
- Date
- Thread