------=_Part_23606_3482423.1176380209314 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Content-Disposition: inline Dotclear 1.* Cross Site Scripting Vulnerability 1--two cross site scripting vulnerabilities have been discovered in the dotclear1.* allowing a remote attackers to hijack authenticated session Workaround: $post_id (trackback.php) $tool_url(/tools/thememng/index.php) are not filtered 2-Proof of Concepts: dotclear/ecrire/trackback.php?post_id="> /ecrire/tools.php?tool_url=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&p=thememng 3-Disclosure timeline 05/04/2007 dotclear team contacted 10/04/2007 fixed 4-solution: upgrade to dotclear 1.2.6 http://www.dotclear.net/ found by nassim http://www.securlabs.com/ ------=_Part_23606_3482423.1176380209314 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline

Dotclear 1.* Cross Site Scripting Vulnerability

1--two cross site scripting vulnerabilities have been discovered in the dotclear1.* allowing a remote attackers to hijack authenticated session
Workaround:
$post_id (trackback.php)
$tool_url(/tools/thememng/index.php)
are not filtered

2-Proof of Concepts:
dotclear/ecrire/trackback.php?post_id="><script>alert(document.cookie);</script>

/ecrire/tools.php?tool_url=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E&p=thememng

3-Disclosure timeline
05/04/2007 dotclear team contacted
10/04/2007 fixed

4-solution:
upgrade to dotclear 1.2.6
http://www.dotclear.net/

found by nassim
http://www.securlabs.com/

------=_Part_23606_3482423.1176380209314--