Lewis, Posted February 2, 2007

This comes from this thread..... http://mkivsupra.net/vbb/showthread.php?t=98175&page=6

Mostly the 3 posts I have made at the end of page 6.

How seriously do people take web security (particularly XSS & SQLI)?

I am aware of a small number of issues in 1 or 2 of my sites that I have not got around to sorting yet, but I take web security very seriously. I think this stems from my early interest in security when I started coding when I left the military.

How much do people truly understand the impact of exploitable sites?

I think I understand more than most and so that leads me to believe that it may be a lack of understanding that makes people think that Type 1 XSS is nothing to worry about, whereas I view it as one of the most worrying (as I see it being the most common) problems within dynamic websites today...... thoughts?

Charlotte, Posted February 3, 2007

Amen. And stuff.

paul ashton, Posted February 3, 2007

Amen. And stuff.

God almighty, you put some time in on this site. I thought I was bad!

chilli, Posted February 3, 2007

All I can say is it is good that finally the general public are finally becoming aware of these sorts of things... which are not new and have been kicking around for years. I remember trying out some of the techniques yonks ago (just as a test) and it is amazing what can be done.

Generally your average site tends to be better defended these days but there are always the odd sites, and those put together by novices and home users are often full of holes.

A little knowledge is a dangerous thing as they say... but at least well known attacks like SQL injection etc. are pretty benign, which is just as well because any bored high school kid can play with those ideas.

Lewis (Author), Posted February 3, 2007

I exploited Microsoft last week with an XSS hole that allowed me to re-write a login page, so I think large entities are just as open as your average home user. I emailed them and just checked it and it is still exploitable.