[VIM] [SECUNIA] Re: 20612 typo? (fwd)
security curmudgeon
jericho at attrition.org
Thu Jun 15 02:51:18 EDT 2006
Posting here with Carsten's permission. This is clarification on a recent
disclosure.
---------- Forwarded message ----------
From: Secunia Research
To: security curmudgeon <jericho at attrition.org>
Cc: Secunia Research
Date: Thu, 15 Jun 2006 07:50:48 +0200
Subject: [SECUNIA] Re: 20612 typo?
Hi Brian,
The input boxes are displayed by booking2.php, but the entered values
are passed to booking3.php, which doesn't sanitise it before displaying
it.
cheers,
/Carsten
On Wed, 2006-06-14 at 20:01 -0400, security curmudgeon wrote:
> http://archives.neohapsis.com/archives/bugtraq/2006-06/0111.html
>
> Effected files:
> input boxes on booking2.php
>
> XSS Vulnerabilities:
>
> The input boxes on booking2.php [..]
>
> --
>
> http://secunia.com/advisories/20612/
>
> parameters in booking3.php is not properly sanitised
>
>
>
>
> booking2 vs booking3?
>
--
Med venlig hilsen / Kind regards
Carsten H. Eiram
Senior Security Specialist