[Full-disclosure] [FDSA] Notepad Highly Critical Cross-Site Scripting (XSS) Vulnerability
M.B.Jr.
marcio.barbado at gmail.com
Thu Jan 17 20:33:08 GMT 2008
Guess Fredrick's sarcastic and cynical suggestion is:
xss-like menaces seems as unstoppable as this web-slavery the industry imposes.
Well, if so, I agree.
On 1/17/08, BlackHawk <hawkgotyou at gmail.com> wrote:
> > ======
> > 4) Fix
> > ======
>
> > Notepad should be rewritten to filter potentially dangerous
> > characters. Characters can be converted to their html encoded
> > equivalents.
>
> translated: you CAN'T write pages in HTML with any program..
>
> >Fredrick Diggle Security Services is probably the best application
> >security researchers on the scene this month. They have identified
> >several hundred thousand vulnerabilities this week[..]
>
> i think you must read this: http://www.amazon.com/PCs-Dummies-Quick-Reference-Gookin/dp/0764507222
>
>
> --
> Best regards,
> BlackHawk mailto:hawkgotyou at gmail.com
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
--
Marcio Barbado, Jr.
Full-Disclosure is hosted and sponsored by Secunia.