Re: [hobbit] RE: Hobbit Security (Cross-Site Scripting)
- To: hobbit (at) hswn.dk
- Subject: Re: [hobbit] RE: Hobbit Security (Cross-Site Scripting)
- From: Stewart L <stewartl42 (at) gmail.com>
- Date: Fri, 19 Jun 2009 11:18:52 -0400
- References: <-8133375572309883644 (at) unknownmsgid> <1d23acab0906190720i50cf5e1ay57fcd8dede10e5af (at) mail.gmail.com> <3603650137414679932 (at) unknownmsgid>
It's usually a bit more complicated than just quoting the user input. I'm
actually scanning a fresh install with IBM Appscan Enterprise when you
mentioned it... :)
On Fri, Jun 19, 2009 at 11:09 AM, David Cecchino <
david.cecchino (at) datacure.com> wrote:
> HP Webinspect scans of xymon show it is vulnerable to XSS, is there a
> way of putting quotes around the url variables/strings?
--
Stewart
--
An infinite number of mathematicians walk into a bar. The first one orders a
beer. The second orders half a beer. The third, a quarter of a beer. The
bartender says "You're all idiots", and pours two beers.
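
Added example (not part of the original message and not Hobbit/Xymon code): a C sketch of why wrapping a reflected URL variable in quotes is not enough on its own, next to the same field rendered with HTML entity encoding. The "host" field name, the markup template and all function names are assumptions made for illustration; entity encoding as shown fits HTML text and quoted-attribute contexts only, while values placed in URLs or scripts need their own encoding.

```c
#include <stdio.h>
#include <string.h>
/* HTML-escape src into dst (capacity dstlen). Returns 0, or -1 if it will not
 * fit; dst is then emptied so a truncated, half-escaped value is never used. */
int html_escape(const char *src, char *dst, size_t dstlen) {
    size_t used = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;          /* default: copy the byte unchanged */
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (used + n + 1 > dstlen) { dst[0] = '\0'; return -1; }
        memcpy(dst + used, rep, n);
        used += n;
    }
    dst[used] = '\0';
    return 0;
}

/* Hypothetical form field; "host" is an assumed parameter name. */
#define FIELD_FMT "<input name=\"host\" value=\"%s\">"

/* Quoting only: the value is wrapped in quotes but not encoded, so a quote
 * character inside the value ends the attribute early. */
int render_quoted_only(const char *v, char *out, size_t len) {
    int n = snprintf(out, len, FIELD_FMT, v);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Quoting plus entity encoding: the value cannot close its own attribute. */
int render_escaped(const char *v, char *out, size_t len) {
    char esc[512];
    if (html_escape(v, esc, sizeof esc) != 0) return -1;
    int n = snprintf(out, len, FIELD_FMT, esc);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

/* Count occurrences of c in s; the template alone contains four '"'. */
int count_char(const char *s, char c) {
    int k = 0;
    for (; *s; s++) if (*s == c) k++;
    return k;
}
```

For the constructed value `web01" x="y`, the quoted-only output contains six double quotes (the value has left its attribute), while the escaped output contains the template's four.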