Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
Bypassing OWASP ESAPI XSS Protection inside Javascript
Posted by: Inferno
Date: August 20, 2009 03:22AM

Hello my fellow ha.ckers,

this is a vulnerability i found while looking at the owasp xss prevention cheatsheet and esapi. http://securethoughts.com/2009/08/bypassing-owasp-esapi-xss-protection-inside-javascript/

if you find more issues, feel free to share in this thread.

-
Inferno
SecureThoughts.com

Options: ReplyQuote


Sorry, only registered users may post in this forum.