Full Disclosure mailing list archives

Is OWASP vulnerable ??
From: Scarlet Pimpernel <kishfellow () yahoo com>
Date: Sat, 10 Mar 2007 09:23:45 -0800 (PST)

Hello all,

There is an undefined function in the OWASP website's JavaScript code (wikibits.js)
called wgBreakFrames. This can cause potential damage to the site if used maliciously.


start of code:

if (wgBreakFrames) {
    // Un-trap us from framesets
    if (window.top != window) {
        window.top.location = window.location;
    }
}

end of code

Your views, thoughts, comments, criticism are most welcome.

Cheers :)

Blog entry: http://kishfellow.blogspot.com/2007/03/is-owasp-vulnerable-check-this-out-code.html

Remember there is alwayz someone who knows more than us out there
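
What the quoted guard does when `wgBreakFrames` is declared and when it is not, next to a `typeof`-checked variant, as an added example (not part of the original post or of the site's code). The `window` objects, URLs and helper names are constructed stand-ins so it runs under Node.

```javascript
// Added example. The window objects, URLs and helper names are constructed
// stand-ins so the logic runs under Node without a browser.

// The guard as quoted in the post, with its closing braces restored.
const QUOTED = `
  if (wgBreakFrames) {
    if (window.top != window) {
      window.top.location = window.location;
    }
  }`;

// Same guard, but tolerant of the flag never having been declared.
const HARDENED = `
  if (typeof wgBreakFrames !== 'undefined' && wgBreakFrames) {
    if (window.top != window) {
      window.top.location = window.location;
    }
  }`;

// Run a guard inside a simulated framed page. Keys of `globals` become the
// variables visible to the guard; an empty object leaves the flag undeclared.
function runGuard(body, globals) {
  const top = { location: 'https://outer.example/frameset' };
  const page = { location: 'https://site.example/page', top };
  const names = Object.keys(globals);
  const guard = new Function('window', ...names, body);
  let outcome = 'ok';
  try {
    guard(page, ...names.map((n) => globals[n]));
  } catch (err) {
    outcome = err.name; // an undeclared identifier raises ReferenceError
  }
  return { outcome, brokeOut: top.location === page.location };
}

const cases = [
  ['quoted, flag undeclared', QUOTED, {}],
  ['quoted, flag true', QUOTED, { wgBreakFrames: true }],
  ['quoted, flag false', QUOTED, { wgBreakFrames: false }],
  ['hardened, flag undeclared', HARDENED, {}],
  ['hardened, flag true', HARDENED, { wgBreakFrames: true }],
];
for (const [label, body, globals] of cases) {
  console.log(label, runGuard(body, globals));
}
```

In a browser, the uncaught ReferenceError in the first case stops the rest of that script from running, and the page stays inside the frame.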
