Plop? The swfupload XSS is not completely fixed, see below.
---------- Forwarded message ----------
From: mala <mala(a)ma.la>
Date: 2013/5/7
Subject: [Open Time] Fwd: XSS in dotclear
To: carnet.franck.paul(a)gmail.com
Hello,
You have received a message from the contact page of your blog.
Blog: Open Time
Message from: mala <mala(a)ma.la>
Website:
Message:
-----------------------------------------------------------
---------- Forwarded message ----------
From: mala <mala(a)ma.la>
Date: Sat, May 4, 2013 at 5:50 PM
Subject: XSS in dotclear, dotclear.org
To: security(a)dotclear.net
Dear dotclear security team,
Hi, I'm a Japanese programmer/security researcher.
This is the wrong method to fix the vuln.
http://dev.dotclear.org/2.0/changeset/1115
Example:
http://dotclear.org/?pf=swfupload.swf#?&movieName="])}catch(e){a...
--
Franck