Bugtraq mailing list archives
Re: Hushmail.com accounts vulnerable to script attack.
From: Brian Smith <sundaydriver () hushmail com>
Date: 13 Sep 2001 15:57:15 -0000
The vulnerability has been fixed. We have no record of a notification on September 5th, or we certainly would have fixed this earlier. It was a very straightforward issue involving a failure to use the htmlspecialchars() PHP function in that area of the code. It is our general practice to always use this method when displaying information using PHP in order to avoid such scripting vulnerabilities, and we regret the unfortunate oversight. Many thanks to 1; and everyone else who has helped us keep HushMail secure in the past. Brian Smith Vice President, Engineering Hush Communications brian.smith () hush com
TOPIC: Hushmail.com accounts vulnerable to
script attack.
ADVISORY NR: 200102 DATE: 12-09-01 VULNERABILITY FOUND AND WRITTEN BY: 1;
(One Semicolon)
Current thread:
- Hushmail.com accounts vulnerable to script attack. onesemicolon (Sep 12)
- <Possible follow-ups>
- Re: Hushmail.com accounts vulnerable to script attack. Brian Smith (Sep 13)
- Re: Hushmail.com accounts vulnerable to script attack. Friday Germany (Sep 14)
- Re: Hushmail.com accounts vulnerable to script attack. Brian Smith (Sep 18)