Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
singapore v0.9.11 cross site scripting and path disclosure
Date: Sun Jun 12 2005 - 16:16:24 CDT
Because of singapores heavy use of classes it has multiple path disclosure occurences. The following pages all produced class related errors when navigating directly to them in your browser.
templates/admin_default/ all the .tpl.php files
templates/default/ all the the .tpl.php files
Also the gallery $_GET parameter on www.site.com/index.php is not properly checked leading to cross site scripting. We used http://www.site.com/index.php?gallery=%3Cimg%20onmouseover=%22alert('hi')%22%20style=%22position:%20absolute;%20top:0px;%20left:%200px;%20width:%201000%;%20height:%201000%;%22%3E
and other similar scripts to produce the xss.