Re: [Full-disclosure] Cross-Site Scripting attacks via redirectors in different browsers
- From: darky <mlistdarky@xxxxxxxxx>
- Date: Fri, 18 Sep 2009 20:21:16 +0200
MustLive said:
Hello Full-Disclosure!Or maybe cause it's not a browser security issue :)
I already sent this letter to Bugtraq at 6th of September, but they declined
to post it without any explanation - maybe it was due to some politic
reasons :-). Will see how it'll be with your list.
Escaping user's inputs depends from the context, that's all.
It's a server-side problem, the application must PROPERLY sanatise inputs.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- References:
- Prev by Date: Re: [Full-disclosure] Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)
- Next by Date: [Full-disclosure] [ GLSA 200909-18 ] nginx: Remote execution of arbitrary code
- Previous by thread: [Full-disclosure] Cross-Site Scripting attacks via redirectors in different browsers
- Next by thread: Re: [Full-disclosure] Cross-Site Scripting attacks via redirectors in different browsers
- Index(es):
