Martin Zvarík wrote:
Jan G.B. napsal(a):
2009/3/15 Martin Zvarík mzva...@gmail.com:
The browser will only execute script in source files from the white-listed
domains and will disregard everything else, including embedded and inline
scripts.
wtf, can't you just take care of the INPUT and
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
I, as an owner of this website, don't mind AT ALL.
Aha, forget to mention
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
replace the alert() with some code that passes
Jochem Maas wrote:
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
replace the alert() with some
Jochem Maas napsal(a):
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
replace the alert()
Shawn McKenzie wrote:
Jochem Maas wrote:
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
replace
Martin Zvarík wrote:
What's the point?
The point is detailed on the (not fully complete) description page I
just put up -
http://www.clfsrpm.net/xss/
Namely, a lot of people who have web sites do not have the technical
capability to prevent their site from being used as an XSS vector to
Martin Zvarík schreef:
Jochem Maas napsal(a):
Martin Zvarík schreef:
What's the point?
If user puts in a search input something like <script>alert('I am super
hacker');</script>
And the website outputs:
You are searching for: <script></script>
then what? it shows an alert(), who cares?
Michael A. Peters napsal(a):
Martin Zvarík wrote:
What's the point?
The point is detailed on the (not fully complete) description page I
just put up -
http://www.clfsrpm.net/xss/
Yeah, I just had a quick look...
The browser will only execute script in source files from the white-listed
2009/3/15 Martin Zvarík mzva...@gmail.com:
The browser will only execute script in source files from the white-listed
domains and will disregard everything else, including embedded and inline
scripts.
wtf, can't you just take care of the INPUT and type
strip_tags($_GET['my_name']) ??
This
Jan G.B. napsal(a):
2009/3/15 Martin Zvarík mzva...@gmail.com:
The browser will only execute script in source files from the white-listed
domains and will disregard everything else, including embedded and inline
scripts.
wtf, can't you just take care of the INPUT and type