Hello all.

I think it's been made very clear that cross site scripting is a problem to most of us that read bugtraq, but it seems that many high profile companies, even tech ones, have forgotten that it can be a serious issue. I have posted a .txt file on my website that simply shows many example links to vulnerable sites that allow JavaScript execution.

A small list of the sites: Midway, Corel, NYTimes.com, AOL, Real Networks, Cisco, IBM, Oracle, Akamai, FedEx, FoxNews, Lycos.com (angelfire and tripod), Geocities, Netcraft, and Sourceforge. www.whitehouse.gov and www.nipc.gov are included in the list.

A brief paper will be written soon outlining CSS vulns and how to spot and fix them. Hope this is useful.

The list can be found at: www.interwn.nl/release/cssvulns.txt

philer
www.interwn.nl

This archive was generated by hypermail 2b30 : Mon Apr 22 2002 - 22:32:30 PDT