[IMC-Tech] Rochester IMC dadaimc issue, was: Can Someone Switch rochester.indymedia.org to point to new site

Alster alster at indymedia.org
Wed Nov 8 00:07:59 PST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> On 11/6/06, Alster <alster at indymedia.org> wrote:
> You don't seem to be running the latest dadaimc version on the new site:
> The following URL, when copied + pasted into Internet Explorer (6 or 7)
> or Konqueror, will spawn a Warning message, which demonstrates a
> vulnerability.
> 
> http://hamiltonsites.ca/mod/search/dosearch/index.php?dosearch=1&medium=&searchtext=<script>alert('This_is_not_the_latest_dadaimc_version_but_an_outdated_one_which_is_vulnerable_to_Cross_Site_Scripting.')</script>

Ben Dean-Kawamura wrote:
> Thanks for the advice.  The dada version was 0.99.3, but I ran the
> auto-update module and there were a ton of updates.  I don't have easy
> access to IE, can you double check that my update fixed the problem?

First of all: I'm sorry, I didn't actually mean to send this last email
to imc-tech.

Secondly, this upgrade did not fix the problem unfortunately. However,
it does not occur on dev.dadaimc.org. Maybe you can just manually edit
out the URL of the current page which is given in the 'page banner'
section (see HTML source code). I assume that other IMCs will have the
same issue then.

I'm BCC'ing a copy to spud's personal address.

Alster
- --
GPG key
http://keys.indymedia.org/cgi-bin/lookup?op=get&search=05059C17
Fingerprint    1B8B 128F 8435 541C B3A5 1B7E CF5A 9D55 0505 9C17
All other      http://docs.indymedia.org/view/Main/AlsteR
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFUZBfz1qdVQUFnBcRAjNRAJwMIKTCpxtSCVUebU6T5Tj6vnurEACfT/NE
FzYPVzD0ZXG6XxBmAUxyHkA=
=7BdR
-----END PGP SIGNATURE-----
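The workaround suggested in the message above is to stop printing the URL of the current page in the 'page banner' section. The sketch below is an added example, not part of the original message and not dadaIMC's own code: it shows the alternative of encoding that URL at output time. The function names, the banner markup and the sample request are assumptions made for illustration.

```php
<?php
// Hypothetical stand-in for a 'page banner' template that prints the URL of
// the current page. dadaIMC's real template code is not shown in this thread.

// Before: the request URI is written into the page as-is, so markup placed in
// the searchtext parameter becomes part of the HTML document.
function banner_unescaped(string $requestUri): string
{
    return '<div class="banner">Current page: <a href="' . $requestUri . '">'
        . $requestUri . '</a></div>';
}

// After: encode at the point of output. ENT_QUOTES also covers the quoted
// href attribute; ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning
// an empty string.
function banner_escaped(string $requestUri): string
{
    $safe = htmlspecialchars($requestUri, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="banner">Current page: <a href="' . $safe . '">'
        . $safe . '</a></div>';
}

// Regression check usable without a particular browser: does a marker that
// contains markup survive into the response unencoded?
function reflects_markup(string $html, string $marker): bool
{
    return strpos($html, $marker) !== false;
}

// Constructed sample request, modelled on the search URL quoted in the thread.
$marker = "<script>alert('marker')</script>";
$uri = '/mod/search/dosearch/index.php?dosearch=1&medium=&searchtext=' . $marker;

foreach (['banner_unescaped', 'banner_escaped'] as $render) {
    $html = $render($uri);
    printf(
        "%-17s reflects markup: %s\n",
        $render,
        reflects_markup($html, $marker) ? 'yes' : 'no'
    );
}
```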


