|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Execution of Javascript from PERL
From: Martin Eiszner (martin
websec.org)
Date: Thu Apr 17 2003 - 10:15:34 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
hola,
On Thu, 17 Apr 2003 10:52:45 -0400
"Brass, Phil (ISS Atlanta)" <PBrassiss.net> wrote:
**********
> The real problem is not getting the JavaScript in the page to execute,
> it's getting it to execute in a meaningful context
**********
from the security-testing point of view its not necessary to execute any script .. because:
IF input
"<script>thingstodo();</script>"
LEADS TO output
"<script>thingstodo();</script>"
the application is definitively vulnerable !!!
and it is a confuguration-issue to check for all "known" and "unknown" script-tags and -objects !!
nice day,
mEi
--
WebSec.org / Martin Eiszner
Gurkgasse 49/Top14
1140 Vienna
Austria / EUROPE
meiwebsec.org
http://www.websec.org
tel: 0043 699 121772 37
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]