WebApp Sec mailing list archives
what does this allow ?
From: Vince Hoffman <Vince.Hoffman () uk circle com>
Date: Thu, 19 Jun 2003 10:20:20 +0100

Hi all,

I was running a routine Nessus scan on some servers I administrate,
and one of them gave me a warning of:

    The following requests seem to allow the reading of
    sensitive files or XSS. You should manually try them to see if anything bad
    happens :
    /default.asp?gateway=<script>alert('foo')</script>

I tried that and it worked. I forwarded it to a developer for that machine
and he didn't seem worried by it. Should he be?

A bit vague, I know, but webapps aren't really my forte.

Thanks,
Vince
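
An added example, not part of the original post or of the application it describes: a small Python model of what the Nessus finding above is checking, with a hypothetical page that writes the gateway parameter into HTML unchanged next to one that HTML-encodes it. The function names and page markup are assumptions, since the thread does not show the ASP source.

```python
import html
from urllib.parse import urlsplit, parse_qs

# The request path quoted in the Nessus warning above.
PROBE_URL = "/default.asp?gateway=<script>alert('foo')</script>"


def gateway_value(url):
    """Extract the gateway query parameter as the server would receive it."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return query.get("gateway", [""])[0]


def render_unsafe(value):
    """Hypothetical page (assumption) that writes the parameter out unchanged."""
    return "<html><body>Gateway: " + value + "</body></html>"


def render_encoded(value):
    """Same hypothetical page with the value HTML-encoded before output."""
    return "<html><body>Gateway: " + html.escape(value, quote=True) + "</body></html>"


def reflection_status(body, value):
    """Classify how a probe value appears in a response body."""
    if value and value in body:
        return "raw"      # markup arrives intact; the browser parses it as script
    if value and html.escape(value, quote=True) in body:
        return "encoded"  # the browser shows the value as plain text
    return "absent"


if __name__ == "__main__":
    probe = gateway_value(PROBE_URL)
    for name, render in (("unsafe", render_unsafe), ("encoded", render_encoded)):
        print(name, "->", reflection_status(render(probe), probe))
```

In classic ASP, the encoded variant corresponds to passing the value through Server.HTMLEncode before writing it to the response.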