<<< Date Index >>>     <<< Thread Index >>>

Re: Milliscript 1.4 Multiple Vulnerabilities



Hello,

I never read anything else from you.
I checked the points you told me (bug in milliscripts redirection when
checking $domainname for example), but they are not true.
In /include/functions.php, *every* input is checked for validation.
The functions are called:
check_domain($dname)
check_domain2($dname, $extension)
check_string($string)
verify_email($email
check_forbidden($url1)

No invalid input can reach the script, there is no possibility the an
url like this causes any problem or security issue:
http://www.server.net/red_14/register.php?do=register2&domainname=%22%3E%3Cscript%20src=http://serveratacker.com/script.js%3E%3C/script%3E&ext=somevaliddomain.net

Please test all scripts in content with the included files, like
functions.php. I don't know how you exactly test, but there can never
be any problems like you told them.
Please revise your security issue which never has been any.

Best regards

Alex