Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Martin Eiszner (martinwebsec.org)
Date: Thu Apr 17 2003 - 10:15:34 CDT
On Thu, 17 Apr 2003 10:52:45 -0400
"Brass, Phil (ISS Atlanta)" <PBrassiss.net> wrote:
> it's getting it to execute in a meaningful context
from the security-testing point of view its not necessary to execute any script .. because:
LEADS TO output
the application is definitively vulnerable !!!
and it is a confuguration-issue to check for all "known" and "unknown" script-tags and -objects !!
WebSec.org / Martin Eiszner
Austria / EUROPE
tel: 0043 699 121772 37