Full Disclosure mailing list archives
Re: Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities
From: YGN Ethical Hacker Group <lists () yehg net>
Date: Tue, 28 Jun 2011 11:04:46 +0800
Did you really test a code base that is a version of an old Joomla base
No
or did you look at the code, and test old Joomla bugs against it?
No The XSS results are from purely blackbox scan on Mambo 4.6.5. Joomla (Joomla! 1.0.0) was released on September 16, 2005. It was a re-branded release of Mambo 4.5.2.3 which, itself, was combined with other bug and moderate-level security fixes.
From that statement, it can be assumed that the code bases of Mambo
4.5.2.4 and higher are different from those of Joomla! 1.1 and higher. As you can say so, we may sync old Joomla! 1.x bugs in Mambo 4.6.x. But it may be time-consuming to analyze the code changes and validity of bugs in each version of both CMS. https://secure.wikimedia.org/wikipedia/en/wiki/Joomla http://www.joomla.org/announcements/general-news/154-introducing-joomla-10.html
I thought these were found in Joomla ages ago?
No.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Jun 27)
- Re: Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities Jacqui Caren-home (Jun 27)
- Re: Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities YGN Ethical Hacker Group (Jun 27)
- Re: Mambo CMS 4.6.x (4.6.5) | Multiple Cross Site Scripting Vulnerabilities Jacqui Caren-home (Jun 27)