Re: Execution of Javascript from PERL

hola,

On Thu, 17 Apr 2003 10:52:45 -0400
"Brass, Phil (ISS Atlanta)" <PBrass@iss.net> wrote:

from the security-testing point of view its not necessary to execute any script .. because:  

IF input

        "<script>thingstodo();</script>"
LEADS TO output

        "<script>thingstodo();</script>"

the application is definitively vulnerable !!!

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

and it is a confuguration-issue to check for all "known" and "unknown" script-tags and -objects !!

nice day,
mEi

-- 
WebSec.org / Martin Eiszner
Gurkgasse 49/Top14
1140 Vienna
Austria / EUROPE

mei@websec.org
http://www.websec.org
tel: 0043 699 121772 37