Hi Mark, and all other swiki friends.
Any plans to post this project to sourcefourge or similar places?
Date: Wed, 5 Mar 2008 20:04:37 -0500From: [EMAIL PROTECTED]: [EMAIL PROTECTED];
[EMAIL PROTECTED]: Re: [Pws] FW: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting
Thanks, Antonia -- and Hal!To respond to Hal's question: No, at this time, I
have no plans to produce any updates to the Swiki software. I don't know if
Jeff Rick is planning any (or even if he's reading on this list anymore). If
anyone would like to become the Champion for the Swiki software, I'd welcome
that!Mark-----Original Message-----From: [EMAIL PROTECTED] on behalf of Antonio
BarrosSent: Wed 3/5/2008 5:37 PMTo: [EMAIL PROTECTED]: Re: [Pws] FW:
[Swiki-bugs] SWIKI 1.5 Cross-Site ScriptingDear Professor Mark,I think this
short article can help "Cross site scripting (XSS) attacks are often seen as a
powerless hack. While this is true in some cases, for the most part the impact
of an XSS vulnerability is left up to the imagination and talent of the
attacker..." <http:// www.informit.com/articles/article.aspx?p=603037>.I am not
a security expert, but I think this can happen in the swiki home and in any
page with edit permission or "add to the page" button.My best,Antonio
BarrosBrazilEm 05/03/2008, às 18:31, Guzdial, Mark escreveu:> I'm not even sure
I grok the question...>>> -----Original Message-----> From: [EMAIL PROTECTED]
on behalf of > [EMAIL PROTECTED]> Sent: Wed 3/5/2008 4:23 PM> To: [EMAIL
PROTECTED]> Subject: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting>> Swiki-Bugs,>
FYI there is a XSS vuln in Swiki 1.5 exploitable by:>>
http://[host]:8000/<script>alert("XSS");</script>>> I would like to post to
bugtraq so please let me know when it has been> fixed! Thanks!>> --> Brad
Antoniewicz> Senior Security Consultant> Foundstone Professional Services> A
Division of McAfee> http://www.foundstone.com>> [EMAIL PROTECTED]> (O)
646.728.1493> (C) 347.801.5864> (F) 212.869.6720> 1133 Avenue of the Americas>
New York, NY 10036> PGP Key:
http://www.foundstone.com/us/pgpkeys/bradantoniewicz.asc> Blog:
http://www.avertlabs.com/research/blog/>>>
_______________________________________________> Swiki-bugs mailing list>
[EMAIL PROTECTED]> https://mailman.cc.gatech.edu/mailman/listinfo/swiki-bugs>>>
_______________________________________________> Pws mailing list>
Pws@cc.gatech.edu>
https://mailman.cc.gatech.edu/mailman/listinfo/pws_______________________________________________Pws
mailing [EMAIL PROTECTED]://mailman.cc.gatech.edu/mailman/listinfo/pws
_________________________________________________________________
Climb to the top of the charts! Play the word scramble challenge with star
power.
http://club.live.com/star_shuffle.aspx?icid=starshuffle_wlmailtextlink_jan_______________________________________________
Pws mailing list
Pws@cc.gatech.edu
https://mailman.cc.gatech.edu/mailman/listinfo/pws
