moodle-xss.txt

`Dear [email protected],  
  
1.  
MustLive (mustlive at websecurity.com dot ua) reported crossite  
scripting vulnerability in Moodle 1.7.1 via search parameter of  
index.php, example:  
  
http://host/user/index.php?contextid=4&roleid=0&id=2&group=&perpage=20&search=%22style=xss:expression(alert(document.cookie))%20  
  
Detailed information (in Ukranian) http://websecurity.com.ua/1045/  
Original message (in Russian) http://securityvulns.ru/Rdocument391.html  
  
2.  
Durito [damagelab] (durito at mail dot ru) reported information leak  
in Liesbeth base CMS (Vendor: www.doubleflex.com), example:  
  
http://host/config.inc  
  
file accessible through Web contains sensitive information, including  
database account.  
  
Original message (in Russian) http://securityvulns.ru/Rdocument392.html  
  
--   
http://securityvulns.com/  
/\_/\  
{ , . } |\  
+--oQQo->{ ^ }<-----+ \  
| ZARAZA U 3APA3A } You know my name - look up my number (The Beatles)  
+-------------o66o--+ /  
|/  
  
`