There was a discussion about this awhile ago. Most people seems confused
with XSS and how it is defined. I don't see how writting to a file could be
concidered XSS in any way.

quote from http://online.securityfocus.com/archive/82/263218

"Although very simular to XSS writting SSI, PHP, or any other kind of server
side language is not XSS, but rather a remote file writting vulnerability.
The difference is there and I don't feel we should [not] confuse the two. I
am not sure if you would call client side scriptting that is saved to a file
on the server XSS, but I personally do not count it as such."

Wouldn't it be strange if all defacements were really XSS.

_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]