Hi Mark, and all other swiki friends.
Any plans to post this project to sourcefourge or similar places?
Date: Wed, 5 Mar 2008 20:04:37 -0500From: [EMAIL PROTECTED]: [EMAIL PROTECTED];
[EMAIL PROTECTED]: Re: [Pws] FW: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting
Thanks, Antonia -- and Hal!To respond to Hal's question: No, at this time, I
have no plans to produce any updates to the Swiki software. I don't know if
Jeff Rick is planning any (or even if he's reading on this list anymore). If
anyone would like to become the Champion for the Swiki software, I'd welcome
that!Mark-Original Message-From: [EMAIL PROTECTED] on behalf of Antonio
BarrosSent: Wed 3/5/2008 5:37 PMTo: [EMAIL PROTECTED]: Re: [Pws] FW:
[Swiki-bugs] SWIKI 1.5 Cross-Site ScriptingDear Professor Mark,I think this
short article can help Cross site scripting (XSS) attacks are often seen as a
powerless hack. While this is true in some cases, for the most part the impact
of an XSS vulnerability is left up to the imagination and talent of the
attacker... http:// www.informit.com/articles/article.aspx?p=603037.I am not
a security expert, but I think this can happen in the swiki home and in any
page with edit permission or add to the page button.My best,Antonio
BarrosBrazilEm 05/03/2008, às 18:31, Guzdial, Mark escreveu: I'm not even sure
I grok the question... -Original Message- From: [EMAIL PROTECTED]
on behalf of [EMAIL PROTECTED] Sent: Wed 3/5/2008 4:23 PM To: [EMAIL
PROTECTED] Subject: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting Swiki-Bugs,
FYI there is a XSS vuln in Swiki 1.5 exploitable by:
http://[host]:8000/scriptalert(XSS);/script I would like to post to
bugtraq so please let me know when it has been fixed! Thanks! -- Brad
Antoniewicz Senior Security Consultant Foundstone Professional Services A
Division of McAfee http://www.foundstone.com [EMAIL PROTECTED] (O)
646.728.1493 (C) 347.801.5864 (F) 212.869.6720 1133 Avenue of the Americas
New York, NY 10036 PGP Key:
http://www.foundstone.com/us/pgpkeys/bradantoniewicz.asc Blog:
http://www.avertlabs.com/research/blog/
___ Swiki-bugs mailing list
[EMAIL PROTECTED] https://mailman.cc.gatech.edu/mailman/listinfo/swiki-bugs
___ Pws mailing list
Pws@cc.gatech.edu
https://mailman.cc.gatech.edu/mailman/listinfo/pws___Pws
mailing [EMAIL PROTECTED]://mailman.cc.gatech.edu/mailman/listinfo/pws
_
Climb to the top of the charts! Play the word scramble challenge with star
power.
http://club.live.com/star_shuffle.aspx?icid=starshuffle_wlmailtextlink_jan___
Pws mailing list
Pws@cc.gatech.edu
https://mailman.cc.gatech.edu/mailman/listinfo/pws