Full Disclosure mailing list archives

Re: Is OWASP vulnerable ??

From: "Steven M. Christey" <coley () mitre org>
Date: Mon, 12 Mar 2007 18:33:49 -0400 (EDT)


Not to reduce the high signal-to-noise ratio on this thread, but I
suspect there are lots of "eval injection" vulnerabilities in
Javascript-heavy applications, but they don't seem to be reported to
the usual places, or maybe people just call them XSS.  Perl, PHP, and
other interpreted languages have eval injection too, but at least
they're reported occasionally.

- Steve

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: Is OWASP vulnerable ??, (continued)
- - - Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
    - Re: Is OWASP vulnerable ?? Valdis . Kletnieks (Mar 10)
    - Re: Is OWASP vulnerable ?? Paul Schmehl (Mar 10)
    - Re: Is OWASP vulnerable ?? jf (Mar 10)
    - Re: Is OWASP vulnerable ?? czino2 (Mar 11)
    - Re: Is OWASP vulnerable ?? Michael Silk (Mar 11)
- Re: Is OWASP vulnerable ?? Andrew Farmer (Mar 10)
  - Re: Is OWASP vulnerable ?? Scarlet Pimpernel (Mar 10)
    - Re: Is OWASP vulnerable ?? jf (Mar 10)
    - Re: Is OWASP vulnerable ?? czino2 (Mar 11)
- Re: Is OWASP vulnerable ?? Steven M. Christey (Mar 12)