Hosting Provided By

Re: eTicket version 1.5.5 XSS Attack Vulnerability

From: <sf(at)hm2k.org>
Date: Fri Jun 29 2007 - 05:56:41 EDT

The severity of this bug is inaccurate.

Considering this bug is simply XSS, and only available when register_globals is On I would consider this "Very Low".

Ultimately eTicket is not designed to work with register_globals On, please turn it off. It is set to off in php.ini by default. Received on Fri Jun 29 12:39:24 2007

This message: [ Message body ]
Next message: Airscanner Corp.: "Airscanner Advisory #07062901: FlexiSPY Victim/User Database Exposure (Full world readable access to ALL SMS/Emails/Voice data from victims/users)"
Previous message: Kees Cook: "[USN-479-1] MadWifi vulnerabilities"
Maybe in reply to: securityresearch(at)netvigilance.com: "eTicket version 1.5.5 XSS Attack Vulnerability"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Fri Jun 29 2007 - 12:40:05 EDT