[ic] Interchange security releases: 5.7.6, 5.6.3, 5.4.5
Justin Otten
justino at fragrancenet.com
Thu Mar 25 16:07:03 UTC 2010
Grant Wrote:
> What is it about a custom page that can make it vulnerable?
>
A custom page that uses the [bounce] tag *could* be affected. Not just any
custom page.
The [bounce] tag crafts a 'Location' header based on the params you supply.
If you don't
pre-scrub the data for newlines, then it is potentially vulnerable.
--
Regards,
Justin Otten
FragranceNet.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.icdevgroup.org/pipermail/interchange-users/attachments/20100325/6ba7e3b1/attachment.htm>
More information about the interchange-users
mailing list