Charles Fry <[EMAIL PROTECTED]> writes:
>> as mentioned in http://www.osreviews.net/reviews/comm/awstats, the
>> same type of XSS vulnerability also exists with the 'diricons'
>> parameter. In this case, Debian is affected, too.
>
> As Eldy already explained (earlier in this bug report), the entire query
> string is sanitised against XSS by a call to CleanFromCSSA. The
> osreviews guys noticed that the word "Sanitize" does not surround
> diricons ("and possibly others as well"), but they failed to notice the
> cleaning call to CleanFromCSSA.

Exploit #1: http://www.example.com/cgi-bin/awstats.pl?diricons=%22%3E0wned!%3Cspan%20%22

Hendrik
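
Added example (not part of the original message and not AWStats code): a Python regression check that takes the diricons value from the URL quoted above, places it in a constructed `<img src="...">` template with and without HTML attribute encoding, and parses the result to see whether the value stays inside the attribute. The template, the icon file path and all function names are assumptions for illustration; the check does not reproduce what CleanFromCSSA does.

```python
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlsplit

# URL quoted in the message above.
REPORTED_URL = ("http://www.example.com/cgi-bin/awstats.pl"
                "?diricons=%22%3E0wned!%3Cspan%20%22")

def diricons_from(url):
    """Return the URL-decoded diricons value from a request URL."""
    return parse_qs(urlsplit(url).query)["diricons"][0]

def render_icon(diricons, encode):
    """Constructed template: an icon directory placed in a quoted src attribute."""
    value = escape(diricons, quote=True) if encode else diricons
    return '<img src="%s/other/unknown.png" alt="icon">' % value

class _Collector(HTMLParser):
    """Record every start tag and text node the HTML parser sees."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.tags, self.text = [], []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

    def handle_data(self, data):
        self.text.append(data)

def stays_in_attribute(markup, diricons):
    """True if the output is a single <img> whose src still holds the whole value."""
    parser = _Collector()
    parser.feed(markup)
    parser.close()
    if len(parser.tags) != 1 or "".join(parser.text).strip():
        return False  # extra tags or visible text: the value left the attribute
    tag, attrs = parser.tags[0]
    return tag == "img" and (attrs.get("src") or "").startswith(diricons + "/")

if __name__ == "__main__":
    value = diricons_from(REPORTED_URL)
    for encode in (False, True):
        out = render_icon(value, encode)
        print(encode, stays_in_attribute(out, value), out)
```

Running the same check against the pages a deployed instance actually returns shows whether a given parameter is covered by the sanitising call, independent of how the source code is read.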