[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Is OWASP vulnerable ??

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Re: [Full-disclosure] Is OWASP vulnerable ??
From: "Steven M. Christey" <coley@xxxxxxxxx>
Date: Mon, 12 Mar 2007 18:33:49 -0400 (EDT)

Not to reduce the high signal-to-noise ratio on this thread, but I
suspect there are lots of "eval injection" vulnerabilities in
Javascript-heavy applications, but they don't seem to be reported to
the usual places, or maybe people just call them XSS.  Perl, PHP, and
other interpreted languages have eval injection too, but at least
they're reported occasionally.

- Steve

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: [Full-disclosure] XSS on eplus.de, german mobile telephony provider
Next by Date: Re: [Full-disclosure] PHP import_request_variables() arbitrary variable overwrite
Previous by thread: Re: [Full-disclosure] Is OWASP vulnerable ??
Next by thread: [Full-disclosure] Exploit selling service up and running
Index(es):
- Date
- Thread