WebApp Sec mailing list archives
what does this allow ?
From: Vince Hoffman <Vince.Hoffman () uk circle com>
Date: Thu, 19 Jun 2003 10:20:20 +0100
Hi all, I was running a routine nessus scan on some servers i administrate and one of them gave me a warning of The following requests seem to allow the reading of sensitive files or XSS. You should manually try them to see if anything bad happens : /default.asp?gateway=<script>alert('foo')</script> I tried that and it worked, I forwarded it to a developer for that machine and he didnt seem worried by it. Should he be ? A bit vague i know but webapps arent realy my forte. Thanks, Vince
Current thread:
- what does this allow ? Vince Hoffman (Jun 19)
- Re: what does this allow ? Kevin Spett (Jun 19)
- Re: what does this allow ? Gary H. Jones II (Jun 19)
- <Possible follow-ups>
- Fwd: what does this allow ? Peter Wood (Jun 19)
- RE: what does this allow ? Calderon, Juan C (EM, DDEMESIS) (Jun 19)
- RE: what does this allow ? Vince Hoffman (Jun 19)