Re: [Full-disclosure] Geeklog <= v1.6.0sr2 - Remote File Upload
- From: Andrew Farmer <andfarm@xxxxxxxxx>
- Date: Sun, 4 Oct 2009 12:22:59 -0700
On 4 Oct 2009, at 08:47, Jaloh Smith wrote:
> The easy one is when the forum allows anonymous posts and is configured for
> text posts. The anonymous user name is never filtered, so you can put
> anything there, including a reference to the javascript uploaded as the
> user profile image..
>
> <script src="../images/userphotos/username.jpg"></script>

That's actually a much worse exploit than the file upload. There's no
reason the script you load has to be stored locally -- it works just
as well if you pull it from another domain.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
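
The unfiltered name field discussed in this thread, shown beside an output-encoded version, as an added example that is not part of either post and is not Geeklog's code. The function names, the `author` class and the `other-domain.example` host are hypothetical.

```php
<?php
// Added example: not Geeklog code. Function names and sample values are hypothetical.

// Pattern described in the thread: the anonymous poster's name is written
// into the page with no encoding, so markup in it is parsed by the browser.
function render_author_unsafe(string $name): string
{
    return '<span class="author">' . $name . '</span>';
}

// Hardened form: encode for an HTML text context at output time, so the
// name is displayed as text whatever characters it contains.
function render_author_safe(string $name): string
{
    $encoded = htmlspecialchars(trim($name), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<span class="author">' . $encoded . '</span>';
}

// Defence in depth. script-src 'self' refuses scripts from other domains
// (the case raised in the reply); nosniff makes browsers refuse to execute
// a same-origin response that is served with an image/* content type.
function defence_headers(): array
{
    return [
        "Content-Security-Policy: script-src 'self'; object-src 'none'; base-uri 'none'",
        'X-Content-Type-Options: nosniff',
    ];
}

// Constructed inputs: the reference quoted in the thread, a cross-domain
// variant with a placeholder host, and an ordinary name.
$samples = [
    '<script src="../images/userphotos/username.jpg"></script>',
    '<script src="https://other-domain.example/x.js"></script>',
    'Plain Visitor',
];

foreach ($samples as $name) {
    $unsafe = render_author_unsafe($name);
    $safe   = render_author_safe($name);
    printf("unsafe contains <script: %s | safe contains <script: %s\n",
        var_export(stripos($unsafe, '<script') !== false, true),
        var_export(stripos($safe, '<script') !== false, true));
    echo $safe, "\n";
}
echo implode("\n", defence_headers()), "\n";
```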