Web Application Security
Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Advanced XSS paper and semi-new attack
Oct 20 2003 04:21PM
Härnhammar, Ulf (Ulf Harnhammar 9485 student uu se)
That's an interesting paper! Some points I thought about while reading it:
* Many environments (PHP, Perl+CGI.pm) accept both POSTed and GETted data. At
least in some circumstances, they just put it in a structure for incoming data
without much regard for what HTTP method was used.
* Several HTM...
[ more ]
Copyright 2010, SecurityFocus