VisualSentinel 0.7 Cross Agent Scripting

# Discovered by: Alfredo Panzera, Opencosmo Security
# Software vendor: http://www.opencosmo.com
# Date: 31-05-2008
# Vulnerability: The vulnerability consists of injecting JavaScript code by falsifying the attacker's user agent during an attack; the falsified user agent is then saved in the log.
# Vulnerable string: $user_useragent = $_SERVER ['HTTP_USER_AGENT'];
# Solution: The development team has promptly issued a patch for the vulnerability. You can download the latest version from the download page.
  http://www.opencosmo.com/product-1.html

##############################################################################
Opencosmo Security
http://www.opencosmo.com
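
The vulnerable pattern from the advisory beside a hardened form, as an added example that is not VisualSentinel's code or the vendor's patch. It assumes the logged user agent is later displayed in an HTML log view; all function names and the sample header value are constructed for illustration.

```php
<?php
// Added illustration: function names are hypothetical, not VisualSentinel's.

// Vulnerable pattern: the request header is stored exactly as received...
function log_entry_unsafe(array $server): string
{
    $user_useragent = $server['HTTP_USER_AGENT'] ?? '';
    return $user_useragent;
}

// ...and written into the log page without encoding, so any markup in the
// header becomes part of the page.
function render_row_unsafe(string $stored): string
{
    return '<td>' . $stored . '</td>';
}

// Hardened input side: treat the header as untrusted text. Strip control
// characters (CR/LF would also allow forged log lines) and cap the length.
function log_entry_safe(array $server): string
{
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    if (!is_string($ua)) {
        $ua = '';
    }
    $ua = preg_replace('/[\x00-\x1F\x7F]/', '', $ua) ?? '';
    return substr($ua, 0, 512);
}

// Hardened output side: HTML-encode at the point of display. ENT_QUOTES also
// covers attribute contexts; ENT_SUBSTITUTE replaces invalid UTF-8 sequences
// instead of returning an empty string.
function render_row_safe(string $stored): string
{
    return '<td>'
        . htmlspecialchars($stored, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</td>';
}

// Constructed sample header carrying harmless markup and a line break.
$server = ['HTTP_USER_AGENT' => "Mozilla/5.0 <b title=\"x\">probe</b>\r\nfake-line"];

echo render_row_unsafe(log_entry_unsafe($server)), "\n"; // markup survives
echo render_row_safe(log_entry_safe($server)), "\n";     // markup shown as text
```

Encoding at output is the control that matters here; the input-side cleanup only limits log forging and oversized entries and does not replace it.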