Bug#365909: Bug#364443: [Pkg-awstats-devel] Bug#364443: Vulnerability exists also with the 'diricons' parameter
Martin Schulze
joey at infodrom.org
Fri May 12 12:20:58 UTC 2006
Hendrik Weimer wrote:
> Martin Schulze <joey at infodrom.org> writes:
>
> > How can the diricons and config parameters be exploited? From a quick
> > glance I can't find an open associated with $DirIcons.
>
> The diricons issue is a XSS vulnerability. It has nothing to do with
> the two other holes (which lead to arbitrary code execution) other
> than they all are a case of missing input sanitizing.
Umh... but since the query_string is already sanitised globally
how can XSS still happen? Was the sanitising not successful?
Regards,
Joey
--
It's time to close the windows.
Please always Cc to me when replying to me on the lists.