Computer Security
[EN] securityvulns.ru



From: David Kierznowski <david.kierznowski_(at)_gmail.com>
Date: 09.11.2006
Subject: [Full-disclosure] RSS Injection in Sage part 2

RSS Injection in Sage part 2

2 months ago, both pdp and myself released a vulnerability and proof
of concept exploit for Sage. (see:
http://michaeldaw.org/md-hacks/cross-context-scripting-with-sage/).
This issue was resolved in Sage release 1.3.7 (
http://mozdev.org/bugs/show_bug.cgi?id=15101). I found a new
vulnerability which affects the latest version, Sage 1.3.8. In
addition to the XSS vulnerability, it should be noted (as with the
previous vulnerability) this issue occurs within the Local Browser
Context. This means arbitrary file access etc.

Full details and POC can be found at:
http://michaeldaw.org/md-hacks/rss-injection-in-sage-part-2/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


