Saturday, March 10, 2007

Is OWASP vulnerable ?

Check this out, the code shown above has the variable wgBreakFrames as undefined.

I expect some feedback on the same... Posted to full disclosure list.

The wgBreakFrames variable is vulnerable to injection...
It is confirmed just as a bug, with minimal impact,not a vulnerability.
There could probably be attacks if we could inject javascript in the window.

I would like to thank, jf -at- danglingpointers -dot- net & andfarm -at- gmail -dot- com, for the assistance provided through the Full-disclosure list :)

Full-Disclosure - We believe in it !

Cheers :)

No comments: