darksecurity.de | Entries tagged as heise

SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerabilities

Posted by Stefan Schurtz on Saturday, January 12. 2013

Advisory:	t-online.de eMail Center – Cross-Site Request Forgery & XSS vulnerabilities
Advisory ID:	SSCHADV2012-099
Author:	Stefan Schurtz
Affected Software:	Successfully tested on email.t-online.de
Vendor URL:	http://www.t-online.de
Vendor Status:	fixed

======================
Vulnerability Description
======================

http://email.t-online.de is prone to multiple CSRF and XSS vulnerabilities

Continue reading "SSCHADV2012-099 - t-online.de eMail Center - Cross-Site Request Forgery & Cross-site Scripting vulnerabilities"

SSCHADV2013-002 - heise.de - Cross-site Scripting vulnerability

Posted by Stefan Schurtz on Friday, January 4. 2013

Advisory:	heise.de – Cross-site Scripting vulnerability
Advisory ID:	SSCHADV2013-002
Author:	Stefan Schurtz
Affected Software:	Successfully tested on heise.de
Vendor URL:	http://www.heise.de
Vendor Status:	fixed

======================
Vulnerability Description
======================

http://www.heise.de is prone to a XSS vulnerability

Continue reading "SSCHADV2013-002 - heise.de - Cross-site Scripting vulnerability"

My new article on heise Security

Posted by Stefan Schurtz on Monday, November 5. 2012

Here is my newest article, published on heise Security.

This time it’s about the Web-Security tool "CSRFTester" from The Open Web Application Security Project (OWASP). It’s a short overview how to use the CSRFTester to identify "Cross Site Request Forgery" vulnerabilites in web applications.

Here is the link to the article: http://heise.de/-1735223

Enjoy yourself!

Mon	Tue	Wed	Thu	Fri	Sat	Sun
← Back	April '24
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30