[oss-security] Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history

From: Mateusz Goik <mateusz.goik_at_nospam>
Date: Mon Feb 27 2012 - 16:11:32 GMT
To: RafaÅ‚ Malinowski <rafal.przemyslaw.malinowski@gmail.com>

Hi,

I would add it is possible - read / create files on users hdd. (using
the method - GET / PUT)
Tested on Backtrack 5 r1 (kadu 0.10.0 - compiled from source).

Mateusz Goik

This message: [ Message body ]
Next message: Mateusz Goik: "[oss-security] Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history"
Previous message: Whitney Houston: "[oss-security] Re: DesktopOnNet 3 Beta LFI"
In reply to: RafaÅ‚ Malinowski: "[oss-security] Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history"
Next in thread: Mateusz Goik: "[oss-security] Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history"
Reply: Mateusz Goik: "[oss-security] Re: CVE Status Clarification / Request -- kadu: Stored XSS by parsing contact's status and sms messages in history"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]