HC's Capture the Flag website
25C3-CTF


Advisory #56

From team Ailuropoda Melanoleucas

New advisory by : Samsa
Affected service(s): cgibas
Severity [lmh] : medium

===== Problem =====
Shoutbox doesn't filter HTML characters, making it vulnerable to an XSS attack.

===== Impact =====
Requests may be forged: for instance, storing altered data.

===== Fix =====
Filter input to accept only alphanumeric characters.


Rating

[0] fix is not elaborated enough
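
The Fix above as an added Python example (not code from the advisory or from the cgibas service, whose implementation language the page does not give): an alphanumeric-only allowlist on input, shown next to HTML-encoding on output for comparison. The function names, the 200-character cap and the sample messages are assumptions of this example.

```python
import html
import re

# Allowlist from the advisory's Fix section: alphanumeric characters only.
# ASCII-only and the 200-character cap are assumptions of this example.
# str.isalnum() is avoided because it also accepts non-ASCII letters and digits.
ALNUM_ONLY = re.compile(r"[A-Za-z0-9]{1,200}")


def accept_message(raw: str) -> bool:
    """Input-side check: True only if the whole string is ASCII alphanumeric."""
    # fullmatch() must cover the entire string, so a trailing newline is
    # rejected too (re.match with '$' would let "abc\n" through).
    return ALNUM_ONLY.fullmatch(raw) is not None


def render_entry(author: str, message: str) -> str:
    """Output-side defence: HTML-encode every stored value when building the page."""
    return "<li><b>{}</b>: {}</li>".format(
        html.escape(author, quote=True), html.escape(message, quote=True)
    )


def post(store: list, author: str, message: str) -> bool:
    """Hypothetical handler: store the entry only if both fields pass the allowlist."""
    if not (accept_message(author) and accept_message(message)):
        return False
    store.append((author, message))
    return True


# Constructed sample submissions (not taken from the contest service).
SAMPLES = [
    ("alice", "hello25c3"),
    ("bob", "<b>bold</b>"),
    ("carol", "hello world"),      # a space is not alphanumeric: rejected
    ("dave", 'say "hi" & bye'),
]

if __name__ == "__main__":
    shoutbox = []
    for author, message in SAMPLES:
        verdict = "accepted" if post(shoutbox, author, message) else "rejected"
        print(verdict, repr(message))
        # What output encoding alone would emit for the same text:
        print("  encoded:", render_entry(author, message))
```

The strict allowlist also rejects ordinary messages containing spaces or punctuation, which is the usability cost of the fix as stated; encoding at output time renders such text inertly instead of refusing it.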
