Saturday, March 10, 2007

Update from jf -at- danglingpointers -dot- net.

Seems the variable name was googled a bit, and apparently it was a considered a vulnerability, not just a bug... if the wiki was embedded in another frame, the by injecting javascript the attack can occur.So that's what was shown below in the code(see previous blog post).The Authors have anyhow disabled it by default in newer versions of the wiki software.

My bit, is that I have just been digging code decently.We will conclude that I found a bug in OWASP website.(which was considered a vulnerability in the past)

Cheers :)

No comments: