WebApp Sec mailing list archives
Re: what does this allow ?
From: "Gary H. Jones II" <gary () pointblanksecurity com>
Date: Thu, 19 Jun 2003 13:08:34 -0400
Vince,

Here is the advisory written by CERT back in 2000. I think this will give you a better understanding of the effects of Cross Site Scripting bugs.

http://www.cert.org/advisories/CA-2000-02.html

----- Original Message -----
From: "Vince Hoffman" <Vince.Hoffman () uk circle com>
To: <webappsec () securityfocus com>
Sent: Thursday, June 19, 2003 5:20 AM
Subject: what does this allow ?

Hi all,

I was running a routine Nessus scan on some servers I administrate and one of them gave me a warning of

The following requests seem to allow the reading of sensitive files or XSS. You should manually try them to see if anything bad happens :
/default.asp?gateway=<script>alert('foo')</script>

I tried that and it worked. I forwarded it to a developer for that machine and he didn't seem worried by it. Should he be? A bit vague, I know, but webapps aren't really my forte.

Thanks,
Vince
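
The manual check the scanner warning asks for, as an added example that is not part of the original thread: it takes the request quoted above and classifies whether a response reflects the `gateway` value raw or HTML-encoded. The two `render_*` functions are constructed stand-ins for the page (written in Python, not the site's ASP), and all function names are assumptions.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Request path quoted from the scanner warning in the message above.
PROBE_URL = "/default.asp?gateway=<script>alert('foo')</script>"


def render_unencoded(gateway):
    """Constructed stand-in for a page that writes the parameter out as-is."""
    return "<html><body>Gateway: " + gateway + "</body></html>"


def render_encoded(gateway):
    """The same constructed page with the value HTML-encoded on output."""
    return "<html><body>Gateway: " + html.escape(gateway, quote=True) + "</body></html>"


def classify_reflection(body, value):
    """Report how `value` appears in a response body.

    raw          - markup characters came back unchanged, so the browser parses them
    encoded      - value came back only as entities, i.e. inert text
    absent       - value not found in either form
    inconclusive - value has no markup characters, so both forms look identical
    """
    if html.escape(value, quote=True) == value:
        return "inconclusive"
    if value in body:
        return "raw"
    # Decoding entities catches any encoding style (&#39;, &#x27;, &apos; ...).
    if value in html.unescape(body):
        return "encoded"
    return "absent"


def check(url, render):
    """Pull 'gateway' out of the URL, render the page, classify the result."""
    params = parse_qs(urlsplit(url).query)
    value = params.get("gateway", [""])[0]
    return classify_reflection(render(value), value)


if __name__ == "__main__":
    print("unencoded page:", check(PROBE_URL, render_unencoded))
    print("encoded page:  ", check(PROBE_URL, render_encoded))
```
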
Current thread:
- what does this allow ? Vince Hoffman (Jun 19)
- Re: what does this allow ? Kevin Spett (Jun 19)
- Re: what does this allow ? Gary H. Jones II (Jun 19)
- <Possible follow-ups>
- Fwd: what does this allow ? Peter Wood (Jun 19)
- RE: what does this allow ? Calderon, Juan C (EM, DDEMESIS) (Jun 19)
- RE: what does this allow ? Vince Hoffman (Jun 19)