Open GoogleCodeExporter opened 9 years ago
I meant:
print "javascript:'@1.3.3.7/http://',alert(1);"
Original comment by evn@google.com
on 6 Oct 2011 at 7:24
ugh, google code is eating my quotes.. there should be a quote after the ;
Original comment by evn@google.com
on 6 Oct 2011 at 7:25
Can you help with an explanation of the problem. Simply, I don't understand
what the 'vulnerability' means.
Original comment by beewoo...@gmail.com
on 31 Mar 2012 at 10:53
Its called XSS. If the user is tricked into clicking such a link he would be
executing attacker-provided JS code.
Original comment by evn@google.com
on 1 Apr 2012 at 8:12
How would the attacker get their code into the demo html file?
Perhaps what would be most helpful would be a patch that modifies the file or
files that have the vulnerability and eliminates the problem.
Original comment by beewoo...@gmail.com
on 1 Apr 2012 at 10:36
Contributing code to this project is complicated with the license this code
has and where I work.
The attacker can get the attack in any number of ways. If shellinabox is
being used to proxy SSH then it could be sent via IRC or in an email and so
on.
Original comment by evn@google.com
on 1 Apr 2012 at 5:06
Original issue reported on code.google.com by
evn@google.com
on 6 Oct 2011 at 7:18