Also: XSS in Java apps
http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter&btnG=Search
(Obvious) SQL Injection in Java apps:
http://www.google.com/codesearch?hl=en&lr=&q=executeQuery.*getParameter&btnG=Search

XSS in code from O'Reilly and Sun:
http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter+package%3A%28oreilly.com%7Csun.com%29&btnG=Search

On 6 Oct 2006, at 07:45, Gadi Evron wrote:

> Another guy just wrote some more fun keywords to search for:
> http://blogs.securiteam.com/index.php/archives/661
>
> On Thu, 5 Oct 2006, Gadi Evron wrote:
>
>> playing with Google Code Search, as Lev Toger just wrote:
>>
>> Google released a code search engine to catch up with Krugle, Koders, and
>> Codease.
>>
>> Like most of the other Google's tools it can be easily abused for hacking
>> :)
>>
>> To find undisclosed vulnerabilities pass over this code:
>>
>> http://www.google.com/codesearch?q=ugly%7Chack%7Cfixme
>>
>> Or some other interesting combination (Use your favorite ugly code
>> comment).
>> -----
>>
>> http://blogs.securiteam.com/index.php/archives/659
>>
>> SO... ugly? dirty hack?
>>
>> Gadi.
>
> _______________________________________________
> Secure Coding mailing list (SC-L)
> SC-L@securecoding.org
> List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
> List charter available at - http://www.securecoding.org/list/charter.php

--
Stephen de Vries
Corsaire Ltd
E-mail: [EMAIL PROTECTED]
Tel: +44 1483 226014
Fax: +44 1483 226068
Web: http://www.corsaire.com
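The two `getParameter` patterns from the message above, applied to a code base you maintain yourself (an added example, not part of the original post). The regexes are read from the `q=` parameter of the posted URLs; the sample files, the rule names and the `Encoder.html` helper are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Search URLs as posted in the message (mail-wrapping whitespace removed).
RULES = {
    "xss-jsp-expression": "http://www.google.com/codesearch?hl=en&lr=&q=%3C%25%3D.*getParameter&btnG=Search",
    "sqli-executeQuery": "http://www.google.com/codesearch?hl=en&lr=&q=executeQuery.*getParameter&btnG=Search",
}

# Constructed sample sources; Encoder.html is a hypothetical output encoder.
SAMPLES = {
    "search.jsp": """\
<p>Results for <%= request.getParameter("q") %></p>
<p>Encoded: <%= Encoder.html(request.getParameter("q")) %></p>
<p><c:out value="${param.q}"/></p>
""",
    "UserDao.java": """\
ResultSet a = st.executeQuery("SELECT * FROM users WHERE id=" + req.getParameter("id"));
PreparedStatement ps = c.prepareStatement("SELECT * FROM users WHERE id=?");
ps.setString(1, req.getParameter("id"));
ResultSet b = ps.executeQuery();
String id = req.getParameter("id");
ResultSet d = st.executeQuery("SELECT * FROM users WHERE id=" + id);
""",
}

def rule_regex(url):
    """Compile the regex carried in the URL's q= parameter."""
    return re.compile(parse_qs(urlsplit(url).query)["q"][0])

def scan(files):
    """Return (rule, file, line number) for every line a rule matches."""
    compiled = {name: rule_regex(url) for name, url in RULES.items()}
    findings = []
    for path, text in sorted(files.items()):
        for lineno, line in enumerate(text.splitlines(), 1):
            for name, rx in compiled.items():
                if rx.search(line):
                    findings.append((name, path, lineno))
    return findings

if __name__ == "__main__":
    for rule, path, lineno in scan(SAMPLES):
        print(f"{path}:{lineno}: {rule}")
```

Line 2 of `search.jsp` is flagged although the value is encoded, and lines 5-6 of `UserDao.java` are missed because the parameter reaches `executeQuery` through a variable, so matches are leads for manual review and a clean result is not proof of safety.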