Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Date: Tue Feb 19 2002 - 17:47:33 CST
Hi! This is the ezmlm program. I'm managing the
webappsecsecurityfocus.com mailing list.
I'm working for my owner, who can be reached
Messages to you from the webappsec mailing list seem to
have been bouncing. I've attached a copy of the first bounce
message I received.
If this message bounces too, I will send you a probe. If the probe bounces,
I will remove your address from the webappsec mailing list,
without further notice.
I've kept a list of which messages from the webappsec mailing list have
bounced from your address.
Copies of these messages may be in the archive.
To retrieve a set of messages 123-145 (a maximum of 100 per request),
send an empty message to:
To receive a subject and author list for the last 100 or so messages,
send an empty message to:
Here are the message numbers:
--- Enclosed is a copy of the bounce message I received.
Received: (qmail 11027 invoked from network); 8 Feb 2002 03:08:04 -0000
Received: from mail.securityfocus.com (HELO securityfocus.com) (188.8.131.52)
by lists.securityfocus.com with SMTP; 8 Feb 2002 03:08:04 -0000
Received: (qmail 32764 invoked by alias); 8 Feb 2002 03:07:10 -0000
Received: (qmail 32760 invoked from network); 8 Feb 2002 03:07:10 -0000
by mail.securityfocus.com with SMTP; 8 Feb 2002 03:07:10 -0000
id B9CA71C048; Thu, 7 Feb 2002 21:14:34 -0600 (CST)
Date: Thu, 7 Feb 2002 21:14:34 -0600 (CST)
Subject: Undelivered Mail Returned to Sender
This is a MIME-encapsulated message.
I'm sorry to have to inform you that the message returned
below could not be delivered to one or more destinations.
If you do so, please include this problem report. You can
delete your own text from the message returned below.
The Postfix program
Content-Description: Undelivered Message
Received: from outgoing.securityfocus.com (outgoing3.securityfocus.com [184.108.40.206])
Received: from lists.securityfocus.com (lists.securityfocus.com [220.127.116.11])
by outgoing.securityfocus.com (Postfix) with QMQP
id 9AC1FA30A5; Thu, 7 Feb 2002 20:01:18 -0700 (MST)
Mailing-List: contact webappsec-helpsecurityfocus.com; run by ezmlm
Delivered-To: mailing list webappsecsecurityfocus.com
Delivered-To: moderator for webappsecsecurityfocus.com
Received: (qmail 10736 invoked from network); 8 Feb 2002 03:06:36 -0000
X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.5 (32)
Date: Fri, 08 Feb 2002 11:12:55 +0800
To: "josh smith" <pen_testerhotmail.com>,
From: Lincoln Yeoh <lyeohpop.jaring.my>
Subject: Re: Webappsec FAQ?
Content-Type: text/plain; charset="us-ascii"
By the way, any of you have more suggestions on my original question - how
to display HTML with the active stuff removed?
I'm trying to display HTML as _HTML_, not text. Displaying HTML as text is
At 09:34 AM 07-02-2002 -0600, josh smith wrote:
>Follow the Cert Advisory and encode all special characters (% and ' and "
>and < and > and |). Specifically, encoding just < and > in a dynamic web
>will be limited but it is still possible and the extent of the exploit
>really depends on the application. Don't just think of CSS think of other
>things like SQL injection and other types of input validation attacks
>(buffer overflows etc etc). This all falls under Input Validation. Never
>trust client input in anyway.