[Full-disclosure] *****SPAM***** [WEB SECURITY] Re: Wordpress 2.3 Cross Domain Content Insertion- New vulnerability + exploit - xssworm.com
Andrew Farmer
andfarm at gmail.com
Wed Nov 14 02:47:32 GMT 2007
Spam detection software, running on the system "moonshine.electriccat.int", has
identified this incoming email as possible spam. The original message
has been attached to this so you can view it (if it isn't spam) or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: On 13 Nov 07, at 18:08, XSS Worm XSS Security Information
Portal wrote: > We have looked at coding for wp-slimstat but we cannot see
any > problem with > input validating. Maybe some of the xssworm.com readers
can show us > where > problem is in the php code because we cannot see any
porblem here: [...]
Content analysis details: (7.1 points, 5.0 required)
 pts rule name              description
---- ---------------------- --------------------------------------------------
 3.3 TVD_RCVD_IP4           TVD_RCVD_IP4
 1.6 TVD_RCVD_IP            TVD_RCVD_IP
 2.1 DNS_FROM_RFC_BOGUSMX   RBL: Envelope sender in bogusmx.rfc-ignorant.org
-------------- next part --------------
An embedded message was scrubbed...
From: unknown sender
Subject: no subject
Date: no date
Size: 38
Url: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071113/a2908abb/attachment.mht
Full-Disclosure is hosted and sponsored by Secunia.