[ postfixadmin-Bugs-2905599 ] wapity found XSS in login.php
From: SourceForge.net <no...@so...> - 2009-11-29 10:39:01
Bugs item #2905599, was opened at 2009-11-29 10:39
Message generated for change (Tracker Item Submitted) made by
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=937964&aid=2905599&group_id=191583

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: Core
Group: v 2.3
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: https://www.google.com/accounts ()
Assigned to: Nobody/Anonymous (nobody)
Summary: wapity found XSS in login.php

Initial Comment:
Penetration tests with Wapiti 1.6 found an XSS vulnerability in login.php.
Site is running version 2.3 on https.

dani@danici:~$ wapiti https://postfixadmin-server/pfadm
Wapiti-1.1.6 (wapiti.sourceforge.net)
....
Attacking urls (GET)...
-----------------------
Attacking forms (POST)...
-------------------------
Found XSS in https://postfixadmin-server/pfadm/users/login.php
with params = lang=on&fUsername=%3Cscript%3Evar+wapiti_68747470733a2f2f6272756767652e7479646e65742e6f72672f706661646d2f75736572732f6c6f67696e2e706870_66557365726e616d65%3Dnew+Boolean%28%29%3B%3C%2Fscript%3E&fPassword=on&submit=Login
coming from https://postfixadmin-server/pfadm/users/login.php