Reflected XSS in Squert


Manuel Mancera

Jul 27, 2016, 12:50:04 PM
to security-onion
Hello, I reported a reflected cross site scripting vulnerability in Squert. https://github.com/int13h/squert/issues/76

I am informing this mailing list because Squert is being used in this Linux distro, so if someone is contributing to Squert and has time to fix it...

Doug Burks

Jul 27, 2016, 12:59:29 PM
to securit...@googlegroups.com
Hi Manuel,

I've created Issue 967 for this:
https://github.com/Security-Onion-Solutions/security-onion/issues/967

On Wed, Jul 27, 2016 at 12:49 PM, Manuel Mancera <sink...@gmail.com> wrote:
> Hello, I reported a reflected cross site scripting vulnerability in Squert. https://github.com/int13h/squert/issues/76
>
> I am informing this mailing list because Squert is being used in this Linux distro, so if someone is contributing to Squert and has time to fix it...



--
Doug Burks

Doug Burks

Jul 28, 2016, 4:21:20 PM
to securit...@googlegroups.com
I've packaged a new version of Squert which no longer has the
vulnerable web interface in ip2c.php. I've submitted that package to
our security-onion-testing mailing list for testing before release:
https://groups.google.com/d/topic/security-onion-testing/d1N7HF5y5u0/discussion
--
Doug Burks

Wes

Jul 28, 2016, 4:29:05 PM
to security-onion

Should https:/localhost/squert/.inc/ip2pc.php still be accessible?

Thanks,
Wes


Doug Burks

Jul 28, 2016, 4:31:50 PM
to securit...@googlegroups.com
Hi Wes,

My guess is you're not running securityonion-squert -
20141015-0ubuntu0securityonion16 as it hasn't finished copying to
ppa:securityonion/test yet.

Wes

Jul 28, 2016, 4:35:35 PM
to security-onion

Of course, maybe I need to be more patient :)

Thanks,
Wes

Doug Burks

Jul 28, 2016, 4:40:57 PM
to securit...@googlegroups.com
Launchpad reports that securityonion-squert -
20141015-0ubuntu0securityonion16 should be available now.

Doug Burks

Jul 28, 2016, 4:42:05 PM
to securit...@googlegroups.com
To clarify, Launchpad reports that securityonion-squert -
20141015-0ubuntu0securityonion16 should be available at
ppa:securityonion/test now. Please discuss via security-onion-testing
mailing list:
https://groups.google.com/d/topic/security-onion-testing/d1N7HF5y5u0/discussion
--
Doug Burks

Doug Burks

Aug 2, 2016, 8:43:08 AM
to securit...@googlegroups.com