Michael Sutton's Blog
March 2007 - Posts
Debug Message XSS Vulnerabilities
I was excited this afternoon when I thought that I'd stumbled upon a universal XSS vulnerability in verbose ColdFusion error messages. While testing a site, I had noted that a verbose debug error message (see below) echoed back many of the request
Read More...
Search
Go
This Blog
Home
Email
Tags
0day
AJAX
Binary Search
Black Tuesday
blacklist
certificates
Code Search
ColdFusion
EV SSL
google
Microsoft
Patches
phishing
resolutions
SQL Injection
SSL
Web 2.0
XSS
Navigation
Home
Blogs
Forums
Photos
Downloads
Archives
January 2008 (1)
June 2007 (2)
May 2007 (1)
April 2007 (2)
March 2007 (1)
February 2007 (3)
January 2007 (5)
December 2006 (4)
November 2006 (4)
October 2006 (3)
September 2006 (6)
August 2006 (1)
SPI Links
SPI Product News
Developer Security
SPI Dynamics
SPICON 2006
Syndication
RSS 2.0
Atom 1.0