Search

About me

Informationen über meine Arbeit als freier Journalist finden Sie hier.

Johannes (Hanno) Böck
mail: hanno@hboeck.de
jabber: hanno@hboeck.de
gpg: BBB51E42
ssh: RSA, ECDSA


Hanno on Twitter
Hanno on identi.ca

Impressum

schokokeks.org


Twitter/identi.ca


Error on line 132 of /home/hanno/websites/blog.hboeck.de/htdocs/bundled-libs/Onyx/RSS.php: The specified file could not be opened. (#410)

Anzeigen

Events

04.07 - 07.07 - PQCrypto (14 Days)
05.07 - 07.07 - SIGINT (15 Days)
31.07 - 04.08 - OHM13 (41 Days)
01.10 - 02.10 - Open Access Tage (103 Days)
My pages
Picture gallery

Archives

Categories



All categories

Feeds

Tags

Creative Commons

CC0
Unless noted otherwise, all content is CC Zero / public domain

XSS on helma/gobi

Thursday, July 12. 2007, 00:44
I still have some unresolved xss vulnerabilities around. It seems to be common practice by many web application developers and web designers to ignore such information.

This time we have gobi, a cms system based on the quite popular javascript application server helma.

http://int21.de/cve/CVE-2007-3693-gobi.txt

More to come. As this xss stuff is far too easy (try some common strings in web forms, inform the author, publish some weeks later), I think about doing some kind of automated mechanism to search and report those vulnerabilities.
English, Security, Webdesign | Comments (0) | Trackbacks (0)
Defined tags for this entry: , , , , , ,
Related entries by tags:

Trackbacks
Trackback specific URI for this entry

No Trackbacks

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
E-Mail addresses will not be displayed and will only be used for E-Mail notifications.