[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: gnatsweb/755: XSS vuln.
From: |
Chad Walstrom |
Subject: |
Re: gnatsweb/755: XSS vuln. |
Date: |
Thu, 14 Jun 2007 11:25:20 -0500 |
User-agent: |
Mutt/1.5.9i |
Unfortunately, Gnatsweb 4.0 doesn't do much for parameter or cookie
input validation and scrubbing. Adding that functionality would be a
welcome addition. Yngve is the person to go for this, as I do not
have CVS access or project access to Gnatsweb, just GNATS. I suspect
that the database parameter isn't the only vulnerability.
--
Chad Walstrom <address@hidden> http://www.wookimus.net/
assert(expired(knowledge)); /* core dump */
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- Re: gnatsweb/755: XSS vuln.,
Chad Walstrom <=