[OT] "Hacker Safe"
This WebDNA talk-list message is from 2007
Hello,

I am working with a client that uses a service called "Hacker Safe". They notified me of a "vulnerability" in a site I've been working on that involves sending JavaScript in a URL. I am trying to determine the scope of this "vulnerability", as it seems just about every dynamic site on the planet is susceptible to this.

For example, use this URL to access the Apple store, which appears to be vulnerable in the same way (you may have to repair email linebreaks before using):

http://store.apple.com/1-800-MY-APPLE/WebObjects/AppleStore.woa/wa/RSLID?nnmm=browse&mco=%3E%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E%3C%22&node=home/shop_iphone/family/iphone

What kind of "harmful" JavaScript could replace the non-harmful example 123 script?

...Hacker Safe says:

The damage caused by such an attack can range from stealing session and cookie data from your customers to loading a virus payload onto their computer via browser.

Stealing "session" info does not sound good... I never store anything sensitive in cookies, so I don't think that is a problem. I have no idea what "loading a virus payload onto their computer via browser" means.

What's your thoughts?

Donovan

-- 
=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
DONOVAN D. BROOKE
EUCA Design Center
<- Web Development (specializing in eCommerce), ->
<- Desktop Publishing, Print Consulting, Labels ->
<- Glass Blowing, and Art Glass ->
PH/FAX:> 1 (608) 770-3822
Web:> http://www.egg.bz | http://www.euca.us
=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o=o
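The finding described in the message above is a reflected cross-site scripting (XSS) issue: the `mco` query parameter is echoed into the page without output encoding, and its decoded value `>"><script>alert(123)</script><"` is shaped to close an attribute value and the enclosing tag before starting a script element. The following is an added illustration, not code from the original post, from Hacker Safe, or from WebDNA: it takes the exact URL quoted in the message, decodes the parameter the way a server framework would, shows an assumed page template that reflects it unencoded, and shows the HTML-escaping fix that keeps the same value inert. The template, the `escapeHtml` helper and the `containsInjectedScript` check are assumptions for the demonstration; it runs under Node.js.

```javascript
// Added example (not from the original mailing-list post): reflected XSS in
// an HTML attribute context, and the output encoding that neutralizes it.
// REPORTED_URL is the URL quoted in the message; the page template and the
// helper functions below are assumed for illustration only.

const REPORTED_URL =
  "http://store.apple.com/1-800-MY-APPLE/WebObjects/AppleStore.woa/wa/RSLID" +
  "?nnmm=browse&mco=%3E%22%3E%3Cscript%3Ealert%28123%29%3C/script%3E%3C%22" +
  "&node=home/shop_iphone/family/iphone";

// Decode a single query-string parameter as a server-side framework would.
function getParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// Vulnerable pattern (assumed template): the parameter is copied straight
// into an attribute value. A value that begins with `">` closes the
// attribute and the <input> tag, so whatever follows becomes new markup.
function renderVulnerable(mco) {
  return `<input type="hidden" name="mco" value="${mco}">`;
}

// Minimal HTML encoder for text and quoted-attribute contexts. Encoding
// these five characters is what stops untrusted data from changing the
// structure of the document; the browser still displays the original text.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened pattern: same template, parameter encoded at the point of output.
function renderHardened(mco) {
  return `<input type="hidden" name="mco" value="${escapeHtml(mco)}">`;
}

// Crude structural check used by the demonstration: does the rendered HTML
// contain a <script> element that the template itself never emitted?
function containsInjectedScript(html) {
  return /<script\b/i.test(html);
}

const mco = getParam(REPORTED_URL, "mco");
console.log("decoded mco parameter:", mco);
console.log("vulnerable output:", renderVulnerable(mco));
console.log("  injected script present:", containsInjectedScript(renderVulnerable(mco)));
console.log("hardened output:  ", renderHardened(mco));
console.log("  injected script present:", containsInjectedScript(renderHardened(mco)));
```

The `alert(123)` in the scanner's probe is only a marker that proves the injected script executes in the victim's browser, in the site's origin; any script placed there runs with the same access to that page as the site's own JavaScript. The fix does not depend on what the parameter is used for: every value that originates in the request and is written back into HTML needs context-appropriate encoding at the point of output, which is the check to run against the site that was flagged.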