darksecurity.de | Entries from January 2013

SSCHADV2012-027 - www.datingcafe.de - Cross-site Scripting vulnerability

Shame on me ;-)

SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerabilities

SSCHADV2012-024 - elitepartner.de Cross-site Scripting vulnerability

SSCHADV2013-002 - heise.de - Cross-site Scripting vulnerability

SSCHADV2013-001 - Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability

Posted by Stefan Schurtz on Saturday, January 19. 2013

Advisory:	www.datingcafe.de – Cross-site Scripting vulnerability
Advisory ID:	SSCHADV2012-027
Author:	Stefan Schurtz
Affected Software:	Successfully tested on www.datingcafe.de
Vendor URL:	http://www.datingcafe.de
Vendor Status:	fixed

======================
Vulnerability Description
======================

http://www.datingcafe.de is prone to a Cross-site Scripting vulnerability

Continue reading "SSCHADV2012-027 - www.datingcafe.de - Cross-site Scripting vulnerability"

Posted by Stefan Schurtz on Saturday, January 12. 2013

I totally forget to publish my Security Advisory about some Cross-Site Request Forgery & Cross-site Scripting vulnerabilities on http://t-online.de. So I published it today.

And here is the link to the advisory SSCHADV2012-099 and here are some pictures about the XSS by html file (1, 2), txt file (1, 2, 3) and two videos about the CSRF vulnerabilities :)

Continue reading "Shame on me ;-)"

Posted by Stefan Schurtz on Saturday, January 12. 2013

Advisory:	t-online.de eMail Center – Cross-Site Request Forgery & XSS vulnerabilities
Advisory ID:	SSCHADV2012-099
Author:	Stefan Schurtz
Affected Software:	Successfully tested on email.t-online.de
Vendor URL:	http://www.t-online.de
Vendor Status:	fixed

======================
Vulnerability Description
======================

http://email.t-online.de is prone to multiple CSRF and XSS vulnerabilities

Continue reading "SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerabilities"

Posted by Stefan Schurtz on Thursday, January 10. 2013

Advisory:	www.elitepartner.de – Cross-site Scripting vulnerability
Advisory ID:	SSCHADV2012-024
Author:	Stefan Schurtz
Affected Software:	Successfully tested on www.elitepartner.de
Vendor URL:	http://www.elitepartner.de
Vendor Status:	fixed

======================
Vulnerability Description
======================

http://www.elitepartner.de is prone to a XSS vulnerability

Continue reading "SSCHADV2012-024 - elitepartner.de Cross-site Scripting vulnerability"

Posted by Stefan Schurtz on Friday, January 4. 2013

Advisory:	heise.de – Cross-site Scripting vulnerability
Advisory ID:	SSCHADV2013-002
Author:	Stefan Schurtz
Affected Software:	Successfully tested on heise.de
Vendor URL:	http://www.heise.de
Vendor Status:	fixed

======================
Vulnerability Description
======================

http://www.heise.de is prone to a XSS vulnerability

Continue reading "SSCHADV2013-002 - heise.de - Cross-site Scripting vulnerability"

January '13

Posted by Stefan Schurtz on Friday, January 4. 2013

Advisory:	Websitebaker Add-on ‘Concert Calendar 2.1.4’ XSS & SQLi vulnerability
Advisory ID:	SSCHADV2013-001
Author:	Stefan Schurtz
Affected Software:	Successfully tested on Concert Calendar 2.1.4
Vendor URL:	http://addons.websitebaker2.org/pages/en/browse-add-ons.php?id=0E8BC37
Vendor Status:	fixed

======================
Vulnerability Description
======================

Websitebaker Add-on ‘Concert Calendar 2.1.4’ is prone to a XSS and SQLi vulnerability

Continue reading "SSCHADV2013-001 - Websitebaker Add-on 'Concert Calendar 2.1.4' XSS & SQLi vulnerability"