WebApp Sec mailing list archives
Re: Execution of Javascript from PERL
From: Martin Eiszner <martin () websec org>
Date: Thu, 17 Apr 2003 17:15:34 +0200
hola,

On Thu, 17 Apr 2003 10:52:45 -0400 "Brass, Phil (ISS Atlanta)" <PBrass () iss net> wrote:

**********
The real problem is not getting the JavaScript in the page to execute, it's getting it to execute in a meaningful context
**********

from the security-testing point of view it's not necessary to execute any script .. because:

IF input "<script>thingstodo();</script>"
LEADS TO output "<script>thingstodo();</script>"

the application is definitively vulnerable !!! and it is a configuration issue to check for all "known" and "unknown" script-tags and -objects !!

nice day,
mEi

--
WebSec.org / Martin Eiszner
Gurkgasse 49/Top14
1140 Vienna
Austria / EUROPE
mei () websec org
http://www.websec.org
tel: 0043 699 121772 37
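The input-equals-output check described in the message above, as an added example that is not part of the original post: it compares an inert probe with the returned page body and never executes script. The function names, the token value and the four `render_*` handlers are constructed stand-ins for a real application's responses.

```python
import html
import re

def make_probe(token):
    """Inert probe: a script element whose body is only a comment with a unique token."""
    return f"<script>/*{token}*/</script>"

def classify_reflection(body, token):
    """Compare what was sent with what came back; no script is ever executed."""
    probe = make_probe(token)
    if token not in body:
        return "absent"       # input is not echoed on this page
    if probe in body:
        return "raw"          # input == output: markup reaches the page unencoded
    if html.escape(probe) in body:
        return "encoded"      # echoed as text (&lt;script&gt;...), not as markup
    return "altered"          # echoed but modified by a filter: review by hand

# Constructed stand-ins for server-side handlers (hypothetical, for the demo only).
def render_vulnerable(q):
    return f"<html><body>Results for {q}</body></html>"

def render_escaped(q):
    return f"<html><body>Results for {html.escape(q)}</body></html>"

def render_stripping(q):
    cleaned = re.sub(r"(?i)</?script[^>]*>", "", q)
    return f"<html><body>Results for {cleaned}</body></html>"

def render_static(q):
    return "<html><body>No results</body></html>"

def survey(token="t9f3c1e7"):
    """Send the same probe to every handler and report how each one reflects it."""
    probe = make_probe(token)
    handlers = {
        "vulnerable": render_vulnerable,
        "escaped": render_escaped,
        "stripping": render_stripping,
        "static": render_static,
    }
    return {name: classify_reflection(fn(probe), token) for name, fn in handlers.items()}

if __name__ == "__main__":
    for name, verdict in survey().items():
        print(f"{name:12} {verdict}")
```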