Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: XSS in Oracle default fcgi-bin/echo
From: paul.szabo () sydney edu au
Date: Thu, 14 Oct 2010 08:35:14 +1100

Dear Thor,

Amazing how people claim being logical ... sure sign they aren't!

... Irrespective of the method you choose to validate "bona-fide"
recipients of your PoC, you will have no control over what the
recipient chooses to do with it once they have it.  As such, logic
dictates that your PoC be considered "public" the moment you release
it. ...

Does logic dictate that all people are rabid pro-disclosure zealots,
who do not respect copyright, IP rights, nor gentle personal requests
for discretion?

... don't fool yourself into thinking you are somehow being
responsible ...

I do not own an over-inflated ego.

... or simply send the code to Oracle and ask them ...

Sorry to blow your assumption: sent to Oracle, ages ago, first thing.

Cheers, Paul

Paul Szabo   psz () maths usyd edu au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]