Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Is OWASP vulnerable ??
From: "Steven M. Christey" <coley () mitre org>
Date: Mon, 12 Mar 2007 18:33:49 -0400 (EDT)


Not to reduce the high signal-to-noise ratio on this thread, but I
suspect there are lots of "eval injection" vulnerabilities in
Javascript-heavy applications, but they don't seem to be reported to
the usual places, or maybe people just call them XSS.  Perl, PHP, and
other interpreted languages have eval injection too, but at least
they're reported occasionally.

- Steve

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]