Hosting Provided By

Re: XSS

From: HarryM <harrym(at)the-group.org>
Date: Mon Dec 16 2002 - 01:23:45 EST

> In order for a site to be susceptible to XSS attacks, the site needs to

I haven't been following this thread, so apologies if someone has already covered this.

Although that's true, strictly speaking, don't let it lull you into a false sense of security - A site that takes input without reposting it can still be susceptible to a wide variety of attacks along the lines of SQL or special character injection. For example, a site that had an SQL database set up to record web statistics could be fed a malicious HTTP_REFERER field.

I said 'strictly speaking' above, since although this isn't XSS, it certainly falls under the same bracket (malicious input and/or lack of input validation)

Harry Received on Mon Dec 16 01:28:14 2002

This message: [ Message body ]
Next message: securityarchitect(at)hush.com: "XSS Strings"
Previous message: appsec(at)technicalinfo.net: "Re: XSS"
In reply to Ed Tracy (at) Aspect Security: "Re: XSS"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:46 EDT