http://www.security-net.biz/wsw/index.php?p=233&n=195 RSS feed - Site Exposed sr 15 http://www.security-net.biz/wsw/index.php?p=233&n=195&bl=283 http://www.security-net.biz/wsw/index.php?p=233&n=195&bl=283 <span style="font-weight: bold;">- Tip sajta:</span> ISP<br /><span style="font-weight: bold;">- Tip propusta:</span> XSS<br /><span style="font-weight: bold;">- Detalji:</span> POST forma za proveru slobodnih domena prihvata specijalne karaktere.<br /><span style="font-weight: bold;">- Savet:</span> Pretvorite specijalne karaktere u odgovarajuce html entitete.<br /><span style="font-weight: bold;">- Pronasao:</span> <a href="http://www.security-net.biz/" target="_blank">Ivan Markovic</a> Wed, 18 Feb 2009 10:47:03 +0100 http://www.security-net.biz/wsw/index.php?p=233&n=195&bl=271 http://www.security-net.biz/wsw/index.php?p=233&n=195&bl=271 - <span style="font-weight: bold;">Tip sajta:</span> Telekomunikacioni portal<br />- <span style="font-weight: bold;">Tip propusta:</span> XSS<br />- <span style="font-weight: bold;">Detalji:</span> Jedan od $_GET parametara se stampa u okviru stranice bez filtriranja specijalnih karaktera.<br />- <span style="font-weight: bold;">Savet:</span> Pretvorite specijalne karaktere u odgovarajuce html entitete.<br />- <span style="font-weight: bold;">Pronasao</span>: <a href="http://netsec.rs/" target="_blank">Dejan Levaja</a> Mon, 22 Dec 2008 05:48:00 +0100 http://www.security-net.biz/wsw/index.php?p=233&n=195&bl=268 http://www.security-net.biz/wsw/index.php?p=233&n=195&bl=268 - <span style="font-weight: bold;">Tip sajta:</span> Security magazin<br />- <span style="font-weight: bold;">Tip propusta:</span> Remote File Include<br />- <span style="font-weight: bold;">Detalji:</span> Parametar za biranje frejma stranice prihvata ucitavanje stranica sa udaljenih lokacija.<br />- <span style="font-weight: bold;">Savet:</span> Koristite ucitavanje web stranica preko putanja fajl sistema.<br />- <span style="font-weight: bold;">Pronasao</span>: <a href="http://netsec.rs/" target="_blank">Dejan Levaja</a> Wed, 17 Dec 2008 11:39:21 +0100 http://www.security-net.biz/wsw/index.php?p=233&n=195&bl=264 http://www.security-net.biz/wsw/index.php?p=233&n=195&bl=264 <span style="font-weight: bold;">- Tip sajta:</span> Online izdanje biznis casopisa<br /><span style="font-weight: bold;">- Tip propusta:</span> XSS<br /><span style="font-weight: bold;">- Detalji:</span> Logika za prikazivanje gresaka prihvata specijalne html karaktere i stampa ih u okviru poruke o gresci.<br /><span style="font-weight: bold;">- Savet:</span> Pretvorite specijalne karaktere u odgovarajuce html entitete.<br /><span style="font-weight: bold;">- Pronasao:</span> <a target="_blank" href="http://www.security-net.biz/">Ivan Markovic</a> Mon, 08 Dec 2008 05:35:30 +0100 http://www.security-net.biz/wsw/index.php?p=233&n=195&bl=257 http://www.security-net.biz/wsw/index.php?p=233&n=195&bl=257 - <span style="font-weight: bold;">Tip sajta:</span> Drzavna institucija<br />- <span style="font-weight: bold;">Tip propusta:</span> XSS<br />- <span style="font-weight: bold;">Detalji:</span> Parametar za pretragu se stampa direktno u HTML kod stranice.<br />- <span style="font-weight: bold;">Savet:</span> Pretvoriti sve vrednosti koje se stampaju u okviru stranice, u svoje html entitete.<br />- <span style="font-weight: bold;">Pronasao</span>: <a target="_blank" href="http://blog.vijatov.com">Nenad Vijatov</a> Wed, 05 Nov 2008 05:01:18 +0100