[WebDNA] Security Problem

This WebDNA talk-list message is from 2015. It keeps the original formatting.
numero = 112349
interpreted = N
texte = I just came across this on Firefox (must be firefox) on a client’s website

http://yourdomain.com/?test="</script><img src=x onerror=alert(document.cookie)>

This can be a problem in that an attacker can redirect Cookies on his own website to Hijack account of victim by sending affected Link.

I know that it is very remote but it is a known vulnerability.

Kind regards

Stuart Tremain
IDFK Web Developments
AUSTRALIA
webdna@idfk.com.au

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Security Problem (Tom Duke 2015)
  2. Re: [WebDNA] Security Problem (Stuart Tremain 2015)
  3. [WebDNA] Security Problem (Stuart Tremain 2015)
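
The message above reports a reflected cross-site scripting case: the `test` query value comes back in the page unencoded. The following is an added example, not code from the original message or from WebDNA, showing the raw rendering beside context-aware output encoding; the template shape and all function names are assumptions.

```javascript
// Added example, not from the original message or the WebDNA project.
// Assumption: the page echoes ?test= into an attribute and an inline script
// string; the client's real template is not shown in the message.

// Encoder for HTML text and quoted attribute values.
function encodeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Encoder for a string literal inside an inline <script> block.
// JSON.stringify escapes quotes and backslashes; <, >, & and U+2028/U+2029
// become \uXXXX so the HTML parser never sees a closing script tag.
function encodeJsString(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (c) => "\\u" + c.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Behaviour the report implies: the raw value is concatenated into the page.
function renderVulnerable(test) {
  return `<input name="test" value="${test}"><script>var test = "${test}";</script>`;
}

// Hardened: each sink gets the encoder that matches its context.
function renderHardened(test) {
  return `<input name="test" value="${encodeHtml(test)}">` +
    `<script>var test = ${encodeJsString(test)};</script>`;
}

// Query value from the URL quoted in the report, after URL decoding.
const reportedValue = '"</script><img src=x onerror=alert(document.cookie)>';

// True when no markup from the value survives into the rendered page.
function isNeutralised(html) {
  return !html.includes("<img") && html.split("</script>").length === 2;
}

console.log("vulnerable neutralised:", isNeutralised(renderVulnerable(reportedValue)));
console.log("hardened neutralised:  ", isNeutralised(renderHardened(reportedValue)));
```

Marking the session cookie HttpOnly additionally keeps it out of `document.cookie`, which limits the cookie theft the message describes even where an encoding gap remains.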
