In-Reply-To: <20020322183112.26906.qmail@mail.securityfocus.com>

Hi,

Rootkidd seems to have made a mistake, excuse haste in post, the version should have been .7.0.3 rather than 7.0.3 ;) Decimalisation was not my strongest point.

An update to this post, it seems that even their newer .7.10 version is vulnerable to css and csrf bugs in some manner or another, a mere manipulation of the URL post is all that is needed.

There are a few more similar site module posts to make which will come after the developers have contacted or had a reasonable time to fix.

-rootkidd
Read, Learn, Share the knowledge

>Received: (qmail 4662 invoked from network); 22 Mar 2002 22:28:16 -0000
>Received: from outgoing3.securityfocus.com (HELO outgoing.securityfocus.com) (66.38.151.27)
>  by mail.securityfocus.com with SMTP; 22 Mar 2002 22:28:16 -0000
>Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19])
>  by outgoing.securityfocus.com (Postfix) with QMQP
>  id B98BCA535D; Fri, 22 Mar 2002 14:14:01 -0700 (MST)
>Mailing-List: contact bugtraq-help@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <bugtraq.list-id.securityfocus.com>
>List-Post: <mailto:bugtraq@securityfocus.com>
>List-Help: <mailto:bugtraq-help@securityfocus.com>
>List-Unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
>Delivered-To: mailing list bugtraq@securityfocus.com
>Delivered-To: moderator for bugtraq@securityfocus.com
>Received: (qmail 22689 invoked from network); 22 Mar 2002 18:29:11 -0000
>Date: 22 Mar 2002 18:31:12 -0000
>Message-ID: <2002032