darksecurity.de | Entries from Saturday, January 12. 2013

Warning: opendir(/var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/sh/3.0.83.2/scripts/): failed to open dir: No such file or directory in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 26

Warning: Invalid argument supplied for foreach() in /var/www/html/web1/serendipity/plugins/serendipity_event_dpsyntaxhighlighter/serendipity_event_dpsyntaxhighlighter.php on line 170
Skip to content

Shame on me ;-)

Posted by Stefan Schurtz on Saturday, January 12. 2013

I totally forget to publish my Security Advisory about some Cross-Site Request Forgery & Cross-site Scripting vulnerabilities on http://t-online.de. So I published it today.

And here is the link to the advisory SSCHADV2012-099 and here are some pictures about the XSS by html file (1, 2), txt file (1, 2, 3) and two videos about the CSRF vulnerabilities :)

Continue reading "Shame on me ;-)"

SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerabilities

Posted by Stefan Schurtz on Saturday, January 12. 2013

Advisory:	t-online.de eMail Center – Cross-Site Request Forgery & XSS vulnerabilities
Advisory ID:	SSCHADV2012-099
Author:	Stefan Schurtz
Affected Software:	Successfully tested on email.t-online.de
Vendor URL:	http://www.t-online.de
Vendor Status:	fixed