[Full-disclosure] Is OWASP vulnerable ??
Steven M. Christey
coley at mitre.org
Mon Mar 12 22:33:49 GMT 2007
Not to reduce the high signal-to-noise ratio on this thread, but I
suspect there are lots of "eval injection" vulnerabilities in
Javascript-heavy applications, but they don't seem to be reported to
the usual places, or maybe people just call them XSS. Perl, PHP, and
other interpreted languages have eval injection too, but at least
they're reported occasionally.
- Steve
Full-Disclosure is hosted and sponsored by Secunia.