The issue is a lack of input validation. OWASP would be a great learning exercise for the coders on this product. It seems to be assumed that only trust-worthy users will connect only to trust-worthy sites. I could not find any evidence of input validation.
The issue is a lack of input validation. OWASP would be a great learning exercise for the coders on this product. It seems to be assumed that only trust-worthy users will connect only to trust-worthy sites. I could not find any evidence of input validation.
Through the magic of Web Scarab and Paro...
[ more ]