Bugtraq mailing list archives

RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo


From: paul.szabo () sydney edu au
Date: Thu, 14 Oct 2010 08:35:14 +1100

Dear Thor,

Amazing how people claim being logical ... sure sign they aren't!

... Irrespective of the method you choose to validate "bona-fide"
recipients of your PoC, you will have no control over what the
recipient chooses to do with it once they have it.  As such, logic
dictates that your PoC be considered "public" the moment you release
it. ...

Does logic dictate that all people are rabid pro-disclosure zealots,
who do not respect copyright, IP rights, nor gentle personal requests
for discretion?

... don't fool yourself into thinking you are somehow being
responsible ...

I do not own an over-inflated ego.

... or simply send the code to Oracle and ask them ...

Sorry to blow your assumption: sent to Oracle, ages ago, first thing.

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

