|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: [Full-disclosure] Live is live
Valdis.Kletnieks
vt.edu
Date: Wed Sep 20 2006 - 12:10:39 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, 20 Sep 2006 16:48:36 BST, Jason Duke said:
> To be fair to Microsoft here, the web server has stopped an XSS attack
> happening rather than enabled an XSS attack.
>
> The error page may not be pretty but it isn't dangerous , at least from
> the example you sent.
On the other hand, being unable to recover well enough to present a
pretty error page indicates that the error handling is still shaky at
best, and probably a productive target for attitional attempts...
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Exmh version 2.5 07/13/2001
iD8DBQFFEXYPcC3lWbTT17ARAoGMAJ9JT23j+dDcFXFikrofwNSk0GA5QQCguDLU
bVGHYWaPGWhFLCoxvRScmDc=
=rAtq
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]