[pLog-svn] xss in 1.2.7

Jon Daley plogworld at jon.limedaley.com
Mon May 5 17:41:12 EDT 2008


On Mon, 5 May 2008, Reto Hugi wrote:
> But in most cases CSRF countermeasures become useless if you have XSS 
> vulnerabilities (remember: XSS means code injection in your html, means 
> possibility to grab nonces etc...)
Right, but if you don't even accept the POST in the first place, 
then it doesn't matter what the content is, no matter where it came from, 
right?

