random dross

Web security and beyond...

May, 2009

  • random dross

    Good Bug

    Credit goes to Alex "Kuza55" Kouzemtchenko for identifying a weakness in the XSS Filter OBJECT tag heuristic. The original heuristic failed to properly sanitize OBJECT tags with the DATA attribute set. Alex found that it is possible to use the DATA attribute...
Page 1 of 1 (1 items)