Bugtraq mailing list archives
FogBugz Cross Site Scripting Vulnerability
From: "M.Neset KABAKLI" <neset () wakiza com>
Date: Thu, 12 Jan 2006 13:15:03 +0200
I.Vulnerability FogBugz Cross Site Scripting Vulnerability II.Vendor Fog Creek Software (www.fogcreek.com) III.Affected Systems - FogBugz (<= 4.029) IV.About FogBugz is a complete web based project management system for software teams. Designed by Joel Spolsky of Joel on Software fame (www.fogcreek.com). V.Description An attacker is able to inject HTML and client-side script codes to FogBugz login page by modifying dest variabe. An example crafted link can be found below. VI.Exploit http://[fogbugz.example.com]/default.asp?pg=pgLogon&dest=[XSS] VII.Vulnerability Status - Vulnerability discovered on 2005-12-11. - Vendor notified on 2005-12-13. - Patch released on 2005-12-13. VIII.Credits M.Neset KABAKLI, Wakiza Software Technologies (www.wakiza.com).
Current thread:
- FogBugz Cross Site Scripting Vulnerability M.Neset KABAKLI (Jan 12)