Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability
From: BlackHawk <hawkgotyou () gmail com>
Date: Thu, 17 Jan 2008 21:12:03 +0100

======
4) Fix
======

Notepad should be rewritten to filter potentially dangerous
characters. Characters can be converted to their html encoded
equivalents.

translated: you CAN'T write pages in HTML with any program..

Fredrick Diggle Security Services is probably the best application
security researchers on the scene this month. They have identified
several hundred thousand vulnerabilities this week[..]

i think you must read this: http://www.amazon.com/PCs-Dummies-Quick-Reference-Gookin/dp/0764507222


--
Best regards,
 BlackHawk                            mailto:hawkgotyou () gmail com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]