On Saturday 23 December 2006 10:00, Thijs Kinkhorst wrote: > I haven't found a concrete way to exploit it yet, since some HTML > inputs are stripped from all input parameters. A concrete example > would help to confirm the status of this bug. Do you have one?
This page gives an example. http://www.securityfocus.com/archive/1/archive/1/454810/100/0/threaded I haven't tested it, though. Stefan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
