SSCHADV2011-028 - FreeSMS Multiple Cross-site Scripting Vulnerabilities

Advisory: FreeSMS Multiple Cross-site Scripting Vulnerabilities
Advisory ID: SSCHADV2011-028
Author: Stefan Schurtz
Affected Software: Successfully tested on FreeSMS 2.1.2
Vendor URL:
Vendor Status: informed
CVE-ID: -
 
======================
Vulnerability Description:
======================
 
FreeSMS (Free Student Management System) is prone to multiple cross-site scripting vulnerabilities.
 

Cross-site scripting (XSS) - What's that and how to identify them?

On my blog are some vulnerabilities called "Cross-site scripting" or "XSS", but what exactly is a Cross-site scripting?

A cross-site scripting attack is a type of HTML injection. The problem arises whenever a web application accepts user input and generates output from it without validating or encoding it. This flaw makes it possible for an attacker to inject a malicious script – like JavaScript – that can access cookies, session tokens or other sensitive information stored in the user's browser, because the browser thinks the script came from a trusted source.

There are several ways to identify XSS vulnerabilities:

- use a web security scanner, like xsser, arachni, Nikto
- test/review the code for places where user input possibly ends up in HTML output (contact forms, search forms …)
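To make the two points above concrete (output generated from user input without encoding, and reviewing/testing the places where input ends up in HTML), here is a small added example in Python. It is not code from this blog, from FreeSMS or from any scanner named above: the two `render_search_*` functions are constructed stand-ins for a search form's result page, and `reflects_unencoded` is a hypothetical reflection check that sends a marker containing HTML metacharacters and reports whether they come back unencoded, which is the basic test a reviewer or scanner performs.

```python
import html

# Constructed stand-in for a vulnerable search-result page (not FreeSMS code):
# the query is interpolated straight into the HTML output.
def render_search_vulnerable(query: str) -> str:
    return f"<p>Results for: {query}</p>"

# Hardened variant: the untrusted value is encoded for the HTML text context
# before it is emitted. quote=True also encodes " and ' so the same helper is
# safe inside quoted attribute values.
def render_search_safe(query: str) -> str:
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"

# Hypothetical reflection check. The marker is a unique token carrying the
# characters that matter for HTML injection: < > " '
MARKER = "xsscheck<\"'>"

def reflects_unencoded(render, marker: str = MARKER) -> bool:
    """Return True when the marker survives into the output with its
    metacharacters intact, i.e. the page is not encoding this input."""
    output = render(marker)
    return marker in output

def audit(renderers: dict) -> dict:
    """Run the reflection check over several render functions at once and
    return {name: is_vulnerable}."""
    return {name: reflects_unencoded(fn) for name, fn in renderers.items()}

if __name__ == "__main__":
    results = audit({
        "vulnerable": render_search_vulnerable,
        "safe": render_search_safe,
    })
    for name, flagged in results.items():
        print(f"{name}: reflects input unencoded = {flagged}")
    print(render_search_safe("<b>test</b>"))
```

`html.escape` is the right encoding for HTML text and quoted attribute values only; a value placed inside a `<script>` block, a URL or a CSS rule needs the encoding of that context instead, which is why the review step has to look at where in the output each input lands, not just whether it is escaped somewhere.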
 