i'd be interested in discussing possibilities with other interested
participants.
je77? are you "list"ening? any input on your plans would be most
helpful.
hal
On Mar 6, 2008, at 12:21 AM, <[EMAIL PROTECTED]> wrote:
Hi Mark, and all other swiki friends.
Any plans to post this project to sourcefourge or similar places?
Date: Wed, 5 Mar 2008 20:04:37 -0500
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [email protected]
Subject: Re: [Pws] FW: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting
Thanks, Antonia -- and Hal!
To respond to Hal's question: No, at this time, I have no plans to
produce any updates to the Swiki software. I don't know if Jeff
Rick is planning any (or even if he's reading on this list
anymore). If anyone would like to become the Champion for the Swiki
software, I'd welcome that!
Mark
-----Original Message-----
From: [EMAIL PROTECTED] on behalf of Antonio Barros
Sent: Wed 3/5/2008 5:37 PM
To: [email protected]
Subject: Re: [Pws] FW: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting
Dear Professor Mark,
I think this short article can help "Cross site scripting (XSS)
attacks are often seen as a powerless hack. While this is true in
some cases, for the most part the impact of an XSS vulnerability is
left up to the imagination and talent of the attacker..." <http://
www.informit.com/articles/article.aspx?p=603037>.
I am not a security expert, but I think this can happen in the swiki
home and in any page with edit permission or "add to the page"
button.
My best,
Antonio Barros
Brazil
Em 05/03/2008, às 18:31, Guzdial, Mark escreveu:
> I'm not even sure I grok the question...
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] on behalf of
> [EMAIL PROTECTED]
> Sent: Wed 3/5/2008 4:23 PM
> To: [EMAIL PROTECTED]
> Subject: [Swiki-bugs] SWIKI 1.5 Cross-Site Scripting
>
> Swiki-Bugs,
> FYI there is a XSS vuln in Swiki 1.5 exploitable by:
>
> http://[host]:8000/<script>alert("XSS");</script>
>
> I would like to post to bugtraq so please let me know when it has
been
> fixed! Thanks!
>
> --
> Brad Antoniewicz
> Senior Security Consultant
> Foundstone Professional Services
> A Division of McAfee
> http://www.foundstone.com
>
> [EMAIL PROTECTED]
> (O) 646.728.1493
> (C) 347.801.5864
> (F) 212.869.6720
> 1133 Avenue of the Americas
> New York, NY 10036
> PGP Key: http://www.foundstone.com/us/pgpkeys/bradantoniewicz.asc
> Blog: http://www.avertlabs.com/research/blog/
>
>
> _______________________________________________
> Swiki-bugs mailing list
> [EMAIL PROTECTED]
> https://mailman.cc.gatech.edu/mailman/listinfo/swiki-bugs
>
>
> _______________________________________________
> Pws mailing list
> [email protected]
> https://mailman.cc.gatech.edu/mailman/listinfo/pws
_______________________________________________
Pws mailing list
[email protected]
https://mailman.cc.gatech.edu/mailman/listinfo/pws
Climb to the top of the charts! Play the word scramble challenge
with star power. Play now!
_______________________________________________
Pws mailing list
[email protected]
https://mailman.cc.gatech.edu/mailman/listinfo/pws
_______________________________________________
Pws mailing list
[email protected]
https://mailman.cc.gatech.edu/mailman/listinfo/pws
