** Update 05/31 **
Here are more details:
http://spl0it.org/files/BASE-XSS/Persistent-notes.txt
http://spl0it.org/files/BASE-XSS/Persis ... -notes.txt
http://spl0it.org/files/BASE-CSRF/notes.txt
http://spl0it.org/files/BASE-XSS/Reflective-notes.txt
Basic Analysis and Security Engine (BASE) is a well known PHP frontend to the Snort Intrusion Detection System. The latest version is 1.4.2. This version contains both Persistent and Reflective Cross-Site Scripting.
Examples:
http://spl0it.org/files/BASE-XSS/BASE-XSS-AddGroup.png
http://spl0it.org/files/BASE-XSS/BASE-X ... onfirm.png
http://spl0it.org/files/BASE-XSS/BASE-XSS-Search.png
http://spl0it.org/files/BASE-XSS/BASE-X ... onfirm.png
The issue is due to a lack of validation on the user input and likely affects other versions as well.
"All your BASE are belong to us."
It's funny, that this is actually true.
Regards,
Jabra
[ 6 comments ] ( 60 views ) [ 0 trackbacks ] permalink Here are more details:
http://spl0it.org/files/BASE-XSS/Persistent-notes.txt
http://spl0it.org/files/BASE-XSS/Persis ... -notes.txt
http://spl0it.org/files/BASE-CSRF/notes.txt
http://spl0it.org/files/BASE-XSS/Reflective-notes.txt
Basic Analysis and Security Engine (BASE) is a well known PHP frontend to the Snort Intrusion Detection System. The latest version is 1.4.2. This version contains both Persistent and Reflective Cross-Site Scripting.
;)
;)
;)
;)
Examples:
http://spl0it.org/files/BASE-XSS/BASE-XSS-AddGroup.png
http://spl0it.org/files/BASE-XSS/BASE-X ... onfirm.png
http://spl0it.org/files/BASE-XSS/BASE-XSS-Search.png
http://spl0it.org/files/BASE-XSS/BASE-X ... onfirm.png
The issue is due to a lack of validation on the user input and likely affects other versions as well.
"All your BASE are belong to us."
It's funny, that this is actually true.
Regards,
Jabra
( 3 / 122 )
Most Recent Entries
