Bugtraq: Re: [WEB SECURITY] countermeasure against attacks through HTML shared files

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: [WEB SECURITY] countermeasure against attacks through HTML shared files

From: fcorella () pomcor com
Date: Fri, 07 Nov 2008 17:38:29 +0000

Hi Adrian,

It would have been cool to mention Microsoft SharePoint as an example of
a popular file sharing system that allows persistent XSS through shared
HTML files. i.e.:


Thanks for pointing this out.  I didn't look at SharePoint, actually.  I did look at many others, and didn't find any 
that took any explicit precautions against XSS through shared files.  But I thought there was no need to mention any 
names in the paper.

Francisco

By Date By Thread

Current thread:

Re: [WEB SECURITY] countermeasure against attacks through HTML shared files fcorella (Nov 07)
- <Possible follow-ups>
- Re: [WEB SECURITY] countermeasure against attacks through HTML shared files fcorella (Nov 09)
- Re: [WEB SECURITY] countermeasure against attacks through HTML shared files fcorella (Nov 11)