____/ Sinister Midget III on Tuesday 11 August 2009 23:01 : \____
> On 2009-08-11, Lusotec <nomail@xxxxxxxxxx> claimed:
>> Roy Schestowitz wrote:
>>> MoD website outflanked by XSS flaws
>>>
>>> http://www.theregister.co.uk/2009/08/10/mod_xss_vulns/
>>>
>>> It's a Windows shop.
>>>
>>> http://toolbar.netcraft.com/site_report?url=http://www.mod.uk
>>>
>>> 500,000 Web sites were cracked due to similar issues last year (XSS on
>>> IIS).
>>
>> XSS security vulnerabilities are in the scripts driving the site. XSS (and
>> also SQL injection) vulnerabilities are the result of coding flaws in the
>> script where the inputs are not properly checked and sanitized. The OS and
>> web server have nothing to do with it.
>
> If it was linux it would be the OS' fault. Ask DuFuS or Qook.

Remember that if someone injects a script into the DB, he or she would not have
sufficient privileges on Linux to do much harm.
- --
~~ Best of wishes
I also know a toilet that has "Austria Email" written on it. That is
probably a kind of pneumatic post. -- Robert Bihlmeyer in at.sonstiges
http://Schestowitz.com | Free as in Free Beer | PGP-Key: 0x74572E8E
Cpu(s): 22.6%us, 5.0%sy, 0.1%ni, 70.6%id, 1.3%wa, 0.0%hi, 0.4%si, 0.0%st
http://iuron.com - semantic engine to gather information