Full Disclosure mailing list archives
Re: Live is live
From: Valdis.Kletnieks () vt edu
Date: Wed, 20 Sep 2006 13:10:39 -0400
On Wed, 20 Sep 2006 16:48:36 BST, Jason Duke said:
To be fair to Microsoft here, the web server has stopped an XSS attack happening rather than enabled an XSS attack. The error page may not be pretty but it isn't dangerous , at least from the example you sent.
On the other hand, being unable to recover well enough to present a pretty error page indicates that the error handling is still shaky at best, and probably a productive target for attitional attempts...
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Live is live Fred Jupiter (Sep 20)
- Re: Live is live Jason Duke (Sep 20)
- Re: Live is live Valdis . Kletnieks (Sep 20)
- <Possible follow-ups>
- Live is Live bluepill (Sep 20)
- Re: Live is Live c0ntex (Sep 20)
- Re: Live is Live Thomas Pollet (Sep 22)
- Re: Live is Live c0ntex (Sep 20)
- Re: Live is live Jason Duke (Sep 20)