From: Paul Yibelo <habte.yibelo@gmail.com>
To: insight@sourceware.org
Subject: Sourceware Security Vulnerablity
Date: Tue, 09 Sep 2014 11:16:00 -0000 [thread overview]
Message-ID: <CAHv8Y_5wVyWCsjasGx7noqU0rhMtE4-cmVV_Z5LMLe29-w-5=w@mail.gmail.com> (raw)
Hey,
My name is Paul. I believe I discovered a very nice XSS in your
website sourceware.org. I coudnt find any other place to submit it so,
I just mailedy you here. you should have a bug submit page. :)
here is the payload
https://www.sourceware.org/cgi-bin/cvsweb.cgi/libc/login/programs%0A%0A<script>alert(0);</script>%0A%0A/pt_chown.c?rev=1.12&content-type=text/html&cvsroot=glibc&only_with_tag=MAIN
your error page doesnt sanitize input. hoping to hearing from you :D
Thanks,
Paul
reply other threads:[~2014-09-09 11:16 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHv8Y_5wVyWCsjasGx7noqU0rhMtE4-cmVV_Z5LMLe29-w-5=w@mail.gmail.com' \
--to=habte.yibelo@gmail.com \
--cc=insight@sourceware.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).