[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Is OWASP vulnerable ??

To: Valdis.Kletnieks@xxxxxx
Subject: Re: [Full-disclosure] Is OWASP vulnerable ??
From: jf <jf@xxxxxxxxxxxxxxxxxxxx>
Date: Sun, 11 Mar 2007 12:21:05 +0000 (UTC)

> Paul, if you find a way to get something to execute an eval() with data that
> you control, and all you can get out of that is an information disclosure,
> you *really* need to find a new line of work.

Valdis, its javascript, as in client side, if you want to eval()
something on your machine, use notepad/vi. An undefined variable isn't
going to get you *anywhere* without some other bug, i.e. XSS, which makes
the undefined variable a moot point. *You* should consider a new line of
work.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] Is OWASP vulnerable ??
  - From: czino2

References:
- [Full-disclosure] Is OWASP vulnerable ??
  - From: Scarlet Pimpernel
- Re: [Full-disclosure] Is OWASP vulnerable ??
  - From: Paul Schmehl
- Re: [Full-disclosure] Is OWASP vulnerable ??
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] Is OWASP vulnerable ??
  - From: Paul Schmehl
- Re: [Full-disclosure] Is OWASP vulnerable ??
  - From: Valdis . Kletnieks

Prev by Date: Re: [Full-disclosure] Is OWASP vulnerable ??
Next by Date: [Full-disclosure] Firefox: about:blank is phisher's best friend
Previous by thread: Re: [Full-disclosure] Is OWASP vulnerable ??
Next by thread: Re: [Full-disclosure] Is OWASP vulnerable ??
Index(es):
- Date
- Thread