Full Disclosure mailing list archives

Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability


From: M.B.Jr. <marcio.barbado () gmail com>
Date: Thu, 17 Jan 2008 18:33:08 -0200

Guess Fredrick's sarcastic and cynical suggestion is:

XSS-like menaces seem as unstoppable as this web-slavery the industry imposes.

Well, if so, I agree.



On 1/17/08, BlackHawk <hawkgotyou () gmail com> wrote:
======
4) Fix
======

Notepad should be rewritten to filter potentially dangerous
characters. Characters can be converted to their html encoded
equivalents.

translated: you CAN'T write pages in HTML with any program..

Fredrick Diggle Security Services is probably the best application
security researchers on the scene this month. They have identified
several hundred thousand vulnerabilities this week[..]

I think you must read this: http://www.amazon.com/PCs-Dummies-Quick-Reference-Gookin/dp/0764507222


--
Best regards,
 BlackHawk                            mailto:hawkgotyou () gmail com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/



-- 
Marcio Barbado, Jr.
