[IMC-NYC-Editorial] Security Vulnerability in NYC IMC web site
m at mlcastle.net
Mon Oct 18 16:14:59 PDT 2004
Thanks for the notificiation.
We were recently made aware of the problem and are working to fix it.
On Mon, Oct 18, 2004 at 04:03:30PM -0600, Dave McKinney wrote:
> Hi, this cross-site scripting vulnerability was posted to Bugtraq.
> It appears to be in an application that is used on your site.
> ----- Forwarded message from Brett <brett at rightwingextremist.net> -----
> From: Brett <brett at rightwingextremist.net>
> Subject: dadaIMC XSS Exploit
> To: bugtraq at securityfocus.com
> Date: 17 Oct 2004 19:02:35 -0000
> X-Mailer: MIME-tools 5.411 (Entity 5.404)
> Message-ID: <20041017190235.25517.qmail at www.securityfocus.com>
> dadaIMC has an xss exploit in the author field. So just throw some xss in the author field.
> Example: <script>alert("hi")</script>
> try it on http://nyc.indymedia.org
> Founded by: elac
> ----- End forwarded message -----
> Dave McKinney
> keyID: BF919DD7
> key fingerprint = 494D 6B7D 4611 7A7A 5DBB 3B29 4D89 3A70 BF91 9DD7
mike castleman, m at mlcastle.net
http://mlcastle.net/ - tel:+1-646-382-7220
property is theft.
don't even get me started on "intellectual property."
More information about the imc-nyc-editorial