What great references. OWASP isn't the king of vulnerability information, of course a website named XSSed is going to count this as super serious, and while I respect Insecure.. these days, people have exploited web bugs to their max (and I'm waiting for more), but they aren't directly serious. DIRECTLY is the key word.

2009/3/25 yersinia <[email protected]>

> 2009/3/24 Rubén Camarero <[email protected]>
>
>> If ATI and nVidia were web content developers, this may be a valid
>> argument, but they are not. They are graphics vendors, hardware and
>> software. Not to mention the fact that this isn't a "serious" issue. RFI is
>> a serious issue, IMHO.
>
> Well, not everyone agreed with your opinion.
>
> http://www.owasp.org/index.php/Open_redirect
>
> http://www.xssed.com/article/26/Open_redirect_vulnerabilities_definition_and_prevention/
>
> http://www.net-security.org/dl/insecure/INSECURE-Mag-17.pdf

--
Rubén Camarero
CCNA, CISSP

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
