A few days ago I found a pretty cool site - TurnKeyLinux. There you will find ready-to-go, pre-installed webapps. I decided to find out if there is also OTRS ready to check... A few notes below.
The version I found at TurnKey's webpage was (AFAIR) 3.3.9. During your 'blackbox testing' you'll probably see that there are multiple XSS bugs. This is how I found "few of them":
Response should be similar to the one below:
Results in your browser should look like this:
Because I found that there are also some other bugs, I decided to check it another way:
Some verification ;)
And now some more:
...and more...
;]
I don't think that this is the 'latest available version', so probably all of those bugs are already patched.
Anyway, stay secure ;)
Cheers