On 2009-08-11, Lusotec <nomail@xxxxxxxxxx> claimed:
> Roy Schestowitz wrote:
>> MoD website outflanked by XSS flaws
>>
>> http://www.theregister.co.uk/2009/08/10/mod_xss_vulns/
>>
>> It's a Windows shop.
>>
>> http://toolbar.netcraft.com/site_report?url=http://www.mod.uk
>>
>> 500,000 Web sites were cracked due to similar issues last year (XSS on
>> IIS).
>
> XSS security vulnerabilities are in the scripts driving the site. XSS (and
> also SQL injections) vulnerabilities are the result of coding flaws in the
> script where the inputs are not properly checked and sanitized. The OS and
> web server has nothing to do with it.
If it was linux it would be the OS' fault. Ask DuFuS or Qook.
--
Drawing on my fine command of language, I said nothing
----------------------------------------------------------------
Eee PC900 16G SSD 2G RAM Linux Mint 7
Friends don't let friends use Windows
|
|
