Web Application Security
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Advanced XSS paper and semi-new attack Oct 20 2003 04:21PM
Härnhammar, Ulf (Ulf Harnhammar 9485 student uu se)
That's an interesting paper! Some points I thought about while reading it:

* Many environments (PHP, Perl+CGI.pm) accept both POSTed and GETted data. At
least in some circumstances, they just put it in a structure for incoming data
without much regard for what HTTP method was used.

* Several HTM...

[ more ]  

Privacy Statement
Copyright 2010, SecurityFocus