thanks Indrajith

Discussion of items in the "What's New" log.

thanks Indrajith

Postby josh » Thu Jan 16, 2014 2:09 am

  Indrajith, an IT web Security Researcher & Malware analyst, discovered that you could do a cross scripting attack on the website by putting bad stuff in place of the language code in a url and let us know. We fixed it and updated the code repository. If you're familiar with the web code (ha! i'd say 'both of you' but that might be overstating things), you may know that we have a pretty good input sanitization function, but we weren't checking the language code. Thanks Indrajith!!
josh
 
Posts: 1354
Joined: Fri Aug 29, 2003 2:28 pm

Return to What's New

Who is online

Users browsing this forum: No registered users and 4 guests

cron