Re: XSS in Oracle default fcgi-bin/echo
From: paul.szabo () sydney edu au
Date: Thu, 14 Oct 2010 08:35:14 +1100
Amazing how people claim being logical ... sure sign they aren't!

> ... Irrespective of the method you choose to validate "bona-fide"
> recipients of your PoC, you will have no control over what the
> recipient chooses to do with it once they have it. As such, logic
> dictates that your PoC be considered "public" the moment you release

Does logic dictate that all people are rabid pro-disclosure zealots,
who do not respect copyright, IP rights, nor gentle personal requests

> ... don't fool yourself into thinking you are somehow being

I do not own an over-inflated ego.

> ... or simply send the code to Oracle and ask them ...

Sorry to blow your assumption: sent to Oracle, ages ago, first thing.
Paul Szabo psz () maths usyd edu au http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/