CERT Advisory on malicious scripts

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 26968
interpreted = N
texte = CERT has released an advisory regarding web based systems, such as message boards, and their ability to include malicious scripts. This effects all platforms, including WebStar, and may be of interest to those of you who might not previously been aware of the potential problems associated with not checking included HTML code submitted by users are parts of messages, etc.http://www.cert.org/advisories/CA-2000-02.html Does anyone have any quick method for recognizing mailcious code from form entries processed by webCat. I have to admit that one site I manage does have a textarea where people can enter a personal description. I just tried and was able to insert a
with submit button and the bogus form did appear on any page which delivered this user's profile.yikes!___Joe____________________________________________________ Joseph D'Andrea JoeDan@West21.com WEST21.com Internet services for the 21st Century http://www.west21.com/ _________________________________________________ ------------------------------------------------------------- Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server. To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Associated Messages, from the most recent to the oldest:

    
  1. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  2. Re: CERT Advisory on malicious scripts (Miguel Castaneda 2000)
  3. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  4. Re: CERT Advisory on malicious scripts (John Butler 2000)
  5. Re: CERT Advisory on malicious scripts (Joseph D'Andrea 2000)
  6. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  7. Re: CERT Advisory on malicious scripts (Joseph D'Andrea 2000)
  8. Re: CERT Advisory on malicious scripts (The Mooseman 2000)
  9. Re: CERT Advisory on malicious scripts (Alex McCombie 2000)
  10. Re: CERT Advisory on malicious scripts (Kenneth Grome 2000)
  11. CERT Advisory on malicious scripts (Joseph D'Andrea 2000)
CERT has released an advisory regarding web based systems, such as message boards, and their ability to include malicious scripts. This effects all platforms, including WebStar, and may be of interest to those of you who might not previously been aware of the potential problems associated with not checking included HTML code submitted by users are parts of messages, etc.http://www.cert.org/advisories/CA-2000-02.html Does anyone have any quick method for recognizing mailcious code from form entries processed by webCat. I have to admit that one site I manage does have a textarea where people can enter a personal description. I just tried and was able to insert a with submit button and the bogus form did appear on any page which delivered this user's profile.yikes!___Joe____________________________________________________ Joseph D'Andrea JoeDan@West21.com WEST21.com Internet services for the 21st Century http://www.west21.com/ _________________________________________________ ------------------------------------------------------------- Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server. To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Joseph D'Andrea

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Almost a there but..bye bye NetCloak (1997) The future of WebCatalog is coming with 4.0... (2000) Color options for items (1999) [WebDNA] WebDNA hosting options (2020) Thanks Grant (1997) Confused about Grep Syntax (2004) docs for WebCatalog2 (1997) Generating and appending SKU to a db automatically (1998) Another reviewer 'forgets' NT WebCatalog (1998) YACBQ.....(Yet another checkbox question) (2000) I give up!! (1997) Bug or syntax error on my part? (1997) Needed, Freelance Web Developer (2007) Q: writefile and uploads. (1998) Verisigns SDK (pay flo pro) (2002) I'm new be kind (1997) Opinion: [input] should be called [output] ... (1997) [returnraw] and form variables (1998) BBEdit and WebCatalog 2.0? (1997) problems with 2 tags (1997)