BugTraq
Re: XSS in Oracle default fcgi-bin/echo Oct 13 2010 08:18PM
paul szabo sydney edu au (1 replies)
RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo Oct 13 2010 08:42PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo Oct 13 2010 08:49PM
paul szabo sydney edu au (1 replies)
RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo Oct 13 2010 09:14PM
Thor (Hammer of God) (thor hammerofgod com) (1 replies)
RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo Oct 13 2010 09:35PM
paul szabo sydney edu au (1 replies)
Dear Thor,

Amazing how people claim being logical ... sure sign they aren't!

> ... Irrespective of the method you choose to validate "bona-fide"
> recipients of your PoC, you will have no control over what the
> recipient chooses to do with it once they have it. As such, logic
> dictates that your PoC be considered "public" the moment you release
> it. ...

Does logic dictate that all people are rabid pro-disclosure zealots,
who do not respect copyright, IP rights, nor gentle personal requests
for discretion?

> ... don't fool yourself into thinking you are somehow being
> responsible ...

I do not own an over-inflated ego.

> ... or simply send the code to Oracle and ask them ...

Sorry to blow your assumption: sent to Oracle, ages ago, first thing.

Cheers, Paul

Paul Szabo psz (at) maths.usyd.edu (dot) au [email concealed] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia

[ reply ]
Re: [Full-disclosure] XSS in Oracle default fcgi-bin/echo Oct 17 2010 06:23AM
Riyaz Walikar (riyazwalikar gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus