Home Messages Index
[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index

Re: [News] [Rival] MoD Runs Windows, Gets Cracked

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

____/ Sinister Midget III on Tuesday 11 August 2009 23:01 : \____

> On 2009-08-11, Lusotec <nomail@xxxxxxxxxx> claimed:
>> Roy Schestowitz wrote:
>>> MoD website outflanked by XSS flaws
>>> 
>>> http://www.theregister.co.uk/2009/08/10/mod_xss_vulns/
>>> 
>>> It's a Windows shop.
>>> 
>>> http://toolbar.netcraft.com/site_report?url=http://www.mod.uk
>>> 
>>> 500,000 Web sites were cracked due to similar issues last year (XSS on
>>> IIS).
>>
>> XSS security vulnerabilities are in the scripts driving the site. XSS (and
>> also SQL injections) vulnerabilities are the result of coding flaws in the
>> script where the inputs are not properly checked and sanitized. The OS and
>> web server has nothing to do with it.
> 
> If it was linux it would be the OS' fault. Ask DuFuS or Qook.

Remember that if someone injects a script into the DB, he or she would not have
sufficient privileges on Linux to do much harm.

- -- 
                ~~ Best of wishes


Ich kenne auch ein Klo, wo "Austria Email" draufsteht. Das ist
wahrscheinlich eine Art Rohrpost. -- Robert Bihlmeyer in at.sonstiges
http://Schestowitz.com  | Free as in Free Beer |  PGP-Key: 0x74572E8E
Cpu(s): 22.6%us,  5.0%sy,  0.1%ni, 70.6%id,  1.3%wa,  0.0%hi,  0.4%si,  0.0%st
      http://iuron.com - semantic engine to gather information
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqCCscACgkQU4xAY3RXLo5C0wCePyiDQg0LKVMfqs8LCCtU3VzT
G6gAoJkE4CSWIA6a/kQjTrCk3Mg4eNtB
=xcQj
-----END PGP SIGNATURE-----

[Date Prev][Date Next][Thread Prev][Thread Next]
Author IndexDate IndexThread Index