Hanno's blog

Entries tagged as gobi

Related tags

cve chromium debian firefox freesoftware ghost glibc helma javascript linux php redhat security vulnerability web xss ajax apache azure browser bypass clickjacking cryptography domain escapa ftp games google html itsecurity kde khtml konqueror lemmings microsoft modulobias mozilla mpaa newspaper password passwordalert random salinecourier subdomain userdir webcore websecurity xsa 0days 27c3 addresssanitizer adguard adobe aead aes afra aiglx algorithm altushost android antivir antivirus aok apt asan auskunftsanspruch axfr badkeys barcamp bash berlin berserk bias bigbluebutton bleichenbacher blog bodensee botnetz braunschweig bsi bsideshn bufferoverflow bugbounty bundesdatenschutzgesetz bundestrojaner bundesverfassungsgericht busby c ca cacert cbc ccc cccamp11 cellular certificate cfb chcounter chrome clamav clang cloudflare cmi cms code compiz conflictofinterest cookie crash crypto csrf darmstadt datenschutz deb dell deolalikar diffiehellman dingens diploma diplomarbeit distributions dns drupal easterhegg edellroot eff email encryption english eplus facebook fedora fileexfiltration firewall fortigate fortinet forwardsecrecy freak freewvs frequency fsfe fuzzing gajim gallery gcc gentoo gimp git gnupg gnutls gpg gsm gsoc gstreamer hackerone hacking hannover hash heartbleed http https infoleak informationdisclosure internetscan ircbot jabber jodconverter joomla karlsruhe kaspersky key keyexchange komodia leak lessig libreoffice luckythirteen malware maninthemiddle mantis math md5 memorysafety mephisto milleniumproblems mitm mobilephones moodle mplayer mrmcd mrmcd100b mrmcd101b multimedia mysql napster nessus netfiltersdk nist nss ntp ntpd observatory onlinedurchsuchung openbsc openbts openleaks openpgp openssl openvas osmocombb otr owncloud packagemanagement padding panda papierlos passwort passwörter pdo pgp phishing pnp poodle privacy privatekey privdog protocolfilters provablesecurity pss python rand rc2 rhein rpm rsa rsapss rss s9y schlüssel science serendipity server session sha1 sha2 sha256 sha512 shellbot shellshock sicherheit signatures slides smime snallygaster sni sniffing spam sqlinjection squirrelmail ssl staatsanwaltschaft stacktrace study stuttgart sunras superfish support talk taz thesis tls tlsdate toendacms transvalid überwachung ubuntu unicef unicode update updates useafterfree utf-8 verschlüsselung virus vlc vortrag vulnerabilities webapps webmontag wiesbaden windows windowsxp wiretapping wordpress x509 xgl xine xmpp zerodays zugangsdaten zzuf acid3 base64 breach cookies crime css heist midori mod_rewrite samesite script time webdesign webkit webstandards content-security-policy csp okte

Thursday, July 12. 2007

XSS on helma/gobi

I still have some unresolved xss vulnerabilities around. It seems to be common practice by many web application developers and web designers to ignore such information.

This time we have gobi, a cms system based on the quite popular javascript application server helma.

http://int21.de/cve/CVE-2007-3693-gobi.txt

More to come. As this xss stuff is far too easy (try some common strings in web forms, inform the author, publish some weeks later), I think about doing some kind of automated mechanism to search and report those vulnerabilities.

Posted by Hanno Böck in English, Security, Webdesign at 00:44 | Comments (0) | Trackbacks (0)

Defined tags for this entry: cve, gobi, helma, javascript, security, web, xss

(Page 1 of 1, totaling 1 entries)

About

This blog is written by Hanno Böck. Unless noted otherwise, its content is licensed as CC0.

You can find my web page with links to my work as a journalist here.

I am also publishing a newsletter about climate change and decarbonization technologies.

The blog uses the free software Serendipity and is hosted at schokokeks.org.

Hanno on Mastodon | Contact / Imprint | Privacy / Datenschutz