There was a discussion about this awhile ago. Most people seems confused with XSS and how it is defined. I don't see how writting to a file could be concidered XSS in any way. quote from http://online.securityfocus.com/archive/82/263218 "Although very simular to XSS writting SSI, PHP, or any other kind of server side language is not XSS, but rather a remote file writting vulnerability. The difference is there and I don't feel we should [not] confuse the two. I am not sure if you would call client side scriptting that is saved to a file on the server XSS, but I personally do not count it as such." Wouldn't it be strange if all defacements were really XSS. _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.
This archive was generated by hypermail 2b30 : Tue Apr 30 2002 - 13:51:47 PDT