security issues

Proyecto:Web
Componente:Main
Categoría:informe de fallo
Prioridad:normal
Asignado:No asignado
Estado:closed
Descripción

A fellow on IRC (tomreyn) reported following:

you have an https://www.owasp.org/index.php/Open_redirect at http://trisquel.info/sites/countclick.php?url=http://microsoft.com

here's an xml injection: http://trisquel.info/sites/pfs.php?mime=%22%3E%0A%3C/RDF:Description%3E%0A%3CINJECTED%20injected=%22injected%22%3E%0A%3C/INJECTED%3E%0A%3CRDF:Description%20x=%22

Dom, 01/11/2015 - 23:07
Estado:active» fixed

Fixed both scripts.

Dom, 01/25/2015 - 23:10
Estado:fixed» closed

Automatically closed -- issue fixed for 2 weeks with no activity.