[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx, thor@xxxxxxxxxxxxxxx
Subject: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
From: paul.szabo@xxxxxxxxxxxxx
Date: Thu, 14 Oct 2010 08:35:14 +1100

Dear Thor,

Amazing how people claim being logical ... sure sign they aren't!

> ... Irrespective of the method you choose to validate "bona-fide"
> recipients of your PoC, you will have no control over what the
> recipient chooses to do with it once they have it.  As such, logic
> dictates that your PoC be considered "public" the moment you release
> it. ...

Does logic dictate that all people are rabid pro-disclosure zealots,
who do not respect copyright, IP rights, nor gentle personal requests
for discretion?

> ... don't fool yourself into thinking you are somehow being
> responsible ...

I do not own an over-inflated ego.

> ... or simply send the code to Oracle and ask them ...

Sorry to blow your assumption: sent to Oracle, ages ago, first thing.

Cheers, Paul

Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Follow-Ups:
- Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
  - From: Riyaz Walikar

References:
- RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
  - From: Thor (Hammer of God)

Prev by Date: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
Next by Date: H2HC 2009 Videos Available!
Previous by thread: RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
Next by thread: Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo
Index(es):
- Date
- Thread