Vulnerability Development mailing list archives
Re: Operation TIPS
From: <iangreen () ao com au>
Date: 19 Aug 2002 01:50:39 -0000
In-Reply-To: <Pine.LNX.4.21.0207171036190.3241-100000 () 0 undisputed net> Having looked over the source I only see how it validates the data the user has supplied themselves. I don't see anywhere that names in the database are downloaded to the client. Maybe this would reveal itself if I tried numerous variations on the URL the form is sent to? "./insert_sendemail.jsp" ie. https://www.citizencorps.gov/citizen/jsp/insert_sendemail.jsp I have not tried this. Any further information? (Of course, this is only for my own educational purposes.)
Current thread:
- Re: Operation TIPS iangreen (Aug 19)
- <Possible follow-ups>
- RE: Operation TIPS Chief Financial Officer (Aug 19)