Webroot's Polish online shop vulnerable to the same XSS for 5 years
I discovered an XSS vulnerability on Webroot's Polish online shop 5 years ago. Today I thought that maybe I should check whether they learn from past mistakes. I checked the same page: http://wrpolska.pl/sklep/search.php and it turned out to be still vulnerable to the same XSS I found 5 years ago... PoC:
Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><h1>XSS found by Team Elite</h1>
Code
http://wrpolska.pl/sklep/search.php?orderby=position&orderway=desc&search_query="><img src=http://te-home.net/images/logo.png>
Webroot has an article on their website titled: What exactly is Cross Site Scripting (XSS). Maybe it's time to use knowledge from this article to protect yourself?
Note: This is a proof of concept and it doesn't reflect the views or interests of above websites.
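Both PoC values start with `">`, which is what closes an HTML attribute and its tag when a parameter is echoed without encoding. The following is an added example, not code from the shop or from the original post: it assumes `search_query` is reflected into the `value` attribute of the search box (the function names are hypothetical), renders the two PoC values with and without output encoding, and parses the result to count the elements that end up in the page.

```php
<?php
// Added example, not the shop's code. Assumption: search.php echoes
// search_query into the value="" attribute of the search box.

function render_vulnerable(string $query): string
{
    // Raw reflection: a double quote in $query closes the attribute early,
    // so everything after "> is parsed as new markup.
    return '<input type="text" name="search_query" value="' . $query . '">';
}

function render_hardened(string $query): string
{
    // Encode on output: & < > " ' become entities and stay inside the value.
    // ENT_SUBSTITUTE keeps invalid UTF-8 from blanking the whole string.
    $safe = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search_query" value="' . $safe . '">';
}

function count_elements(string $html, string $tag): int
{
    // Parse the markup and count elements of the given type.
    libxml_use_internal_errors(true);   // tolerate sloppy fragment markup
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    return $doc->getElementsByTagName($tag)->length;
}

// The two search_query values from the PoC URLs above.
$payloads = [
    'h1'  => '"><h1>XSS found by Team Elite</h1>',
    'img' => '"><img src=http://te-home.net/images/logo.png>',
];

foreach ($payloads as $tag => $query) {
    printf(
        "%-3s vulnerable: %d injected, hardened: %d injected\n",
        $tag,
        count_elements(render_vulnerable($query), $tag),
        count_elements(render_hardened($query), $tag)
    );
}
```

The same parse-and-count check works as a regression test for any template that reflects request parameters, provided the PHP DOM extension is available.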
FlylinkDC++ r504
This official FlylinkDC++ r504 installer was put into a ZIP archive due to unavailability of sharing pure executable files on our website.
Changes in r504
https://github.com/pavel-pimenov/flylinkdc-r5xx/commits/master
File information: FlylinkDC++ r504
StrongDC++ 2.42
These official StrongDC++ 2.42 x86 + x64 installers were put into a ZIP archive due to unavailability of sharing pure executable files on our website.
Changes in 2.42
* DC++ 0.777 core synchronization
* added automatic incoming connection type detection
* stability fixes
* added option to disable Explorer theming in listviews and treeviews
* hopefully fixed throttling with very large speeds
* DHT fixes
* updated internal libraries (OpenSSL, BZip2, ZLIB, boost) - fixes some security issues
* removed STLPort dependency
* performance tweaks
* added support to set favorite hub encoding
* DC++ emulation is off by default (for non-favorite hubs)
* webserver encoding changed to utf-8
* webserver session timeout changed to 10 minutes
File information: StrongDC++ 2.42
EiskaltDC++ 2.2.9
This official EiskaltDC++ 2.2.9 x86 installer was put into a ZIP archive due to unavailability of sharing pure executable files on our website.
Changes in 2.2.9
*** common changes ***
* Fixed build with GCC < 4.6 and Clang < 3.1. This is the last release with support of old compilers.
* Fixed cmake rules for building with sr@latin localization.
* Small code refactoring and optimisation.
*** eiskaltdcpp-qt ***
* Improvements in search widget: now progress bar works as expected.
* Fixed segmentation fault on right click at some nicknames in public chats.
* Fixed SIGABRT during closing Tic-Tac-Toe QML widget.
* Fixed SIGABRT on program exit when QtScript "LogManager View" is active.
* A number of improvements for Mac OS X:
- disabled system tray functionality (it never worked there as expected)
- added special program menu to the dock icon
- now program is hidden into dock instead of exiting by the click on window close button
- added platform-specific code to handle left click on program icon in dock (now it works as in native Mac OS X programs)
- added dock icon jumping when there are new unread personal messages
- added support for Retina displays (fonts are rendered in high resolution when program built with Qt 4.8.x) [Thanks to Dmitry Arkhipov who showed developers what Mac OS X looks like]
* Some platform-specific improvements in settings dialog: hid options which do not work in Mac OS X, MS Windows or Haiku.
*** eiskaltdcpp-gtk ***
* Improvements in search widget: now progress bar works as expected.
* Fixed SIGABRT when gdk_display_get_default() returns NULL.
*** eiskaltdcpp-daemon ***
* Fixed check of log file existence in daemon mode (see --syslog and --log command-line options).
*** eiskaltdcpp-cli ***
* Fixed work with libjson-rpc-perl >= 1.00 (module JSON::RPC::Client was moved to JSON::RPC::Legacy::Client there). [Thanks to Damyan Ivanov]
File information: EiskaltDC++ 2.2.9
DC++ 0.867
This official DC++ 0.867 installer was put into a ZIP archive due to unavailability of sharing pure executable files on our website.
Changes in 0.867
[L#1722364] Prevent remote crashes from malevolent UDP data (maksis)
File information: DC++ 0.867