From: HarryM (harrym_at_the-group.org)
Date: Mon Dec 16 2002 - 00:23:45 CST
> In order for a site to be susceptible to XSS attacks, the site needs to
> accept user input and repost that user input. This would allow for the
> two ingredients of XSS: 1. Receiving malicious code from an attacker. 2.
> Delivering that malicious code to a valid user. Accordingly, the answer
> is NO. Your site should be safe from XSS.
I haven't been following this thread, so apologies if someone has already
covered this.
Although that's true, strictly speaking, don't let it lull you into a false
sense of security - a site that takes input without reposting it can still
be susceptible to a wide variety of attacks along the lines of SQL or
special character injection. For example, a site that had an SQL database
set up to record web statistics could be fed a malicious HTTP_REFERER field.
I said 'strictly speaking' above, since although this isn't XSS, it
certainly falls under the same bracket (malicious input and/or lack of input
validation).
Harry
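
Added example, not part of Harry's message: a web-statistics logger of the kind he describes, with the Referer header concatenated into the SQL text next to a parameterized version. The table name, function names and sample Referer values are constructed for illustration, and SQLite stands in for whatever database the site uses.

```python
import sqlite3

# Constructed sample Referer values (not taken from any real traffic).
QUOTE_REFERER = "http://example.test/o'reilly"
FORGED_REFERER = "http://example.test/'), ('/admin', 'forged"

def make_db():
    # Hypothetical statistics table: one row per page hit.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE hits (path TEXT, referer TEXT)")
    return db

def log_hit_unsafe(db, path, referer):
    # Vulnerable: the header value becomes part of the SQL text.
    db.execute("INSERT INTO hits (path, referer) VALUES ('%s', '%s')" % (path, referer))

def log_hit_safe(db, path, referer):
    # Hardened: placeholders keep the header value as data only.
    db.execute("INSERT INTO hits (path, referer) VALUES (?, ?)", (path, referer))

def run(logger, referer):
    """Log one hit for /index.html; return the stored rows or the error name."""
    db = make_db()
    try:
        logger(db, "/index.html", referer)
    except sqlite3.Error as exc:
        return "error: " + type(exc).__name__
    return db.execute("SELECT path, referer FROM hits ORDER BY rowid").fetchall()

if __name__ == "__main__":
    for name, logger in (("unsafe", log_hit_unsafe), ("safe", log_hit_safe)):
        for referer in (QUOTE_REFERER, FORGED_REFERER):
            print(name, repr(referer), "->", run(logger, referer))
```

With the concatenating logger, a single quote in the header breaks the statement and a crafted value adds a row the site never served; the parameterized logger stores both values verbatim as one row each.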