Differences from version 1 to 2



@@ -4,25 +4,28 @@

 
 Example of exploit:
 ++yellow:(:exclaim:) A suitable example of that was used to test would be nice ... <script>alert('hi!');</script> is being used for test purposes.++
+Since the upgrades to script processing also prevent the creation of persistent XSS attacks, the above script can not be stored within this page, and so will need to be added manually to the navigation line on your browser. This will be returned with the tag characters converted to %xx equivalents.
 
 As the problem has been addressed within the core processing of bitweaver, it is not anticipated that other pages would not be processed in the same way.
 
-* [http://www.bitweaver.org/articles/edit.php/<script>alert('hi!');</script>|articles/edit.php]
-* [articles/list.php?<script>alert('hi!');</script>|articles/list.php]
-* [blogs/list_blogs.php/<script>alert('hi!');</script>|blogs/list_blogs.php]
-* [blogs/rankings.php/<script>alert('hi!');</script>|blogs/rankings.php]
-* [calendar/index.php/<script>alert('hi!');</script>|calendar/index.php]
-* [events/calendar.php/<script>alert('hi!');</script>|events/calendar.php]
-* [events/index.php/<script>alert('hi!');</script>|events/index.php]
-* [events/list_events.php/<script>alert('hi!');</script>|events/list_events.php]
-* [fisheye/index.php/<script>alert('hi!');</script>|fisheye/index.php]
-* [fisheye/list_galleries.php/<script>alert('hi!');</script>|fisheye/list_galleries.php]
-* [liberty/list_content.php/<script>alert('hi!');</script>|liberty/list_content.php]
-* [newsletters/edition.php/<script>alert('hi!');</script>|newsletters/edition.php]
-* [pigeonholes/list.php/<script>alert('hi!');</script>|pigeonholes/list.php]
-* [recommends/index.php/<script>alert('hi!');</script>|recommends/index.php]
-* [rss/index.php/<script>alert('hi!');</script>|rss/index.php]
-* [stars/index.php/<script>alert('hi!');</script>|stars/index.php]
-* [users/remind_password.php/<script>alert('hi!');</script>|users/remind_password.php]
-* [wiki/orphan_pages.php/<script>alert('hi!');</script>|wiki/orphan_pages.php]
-* [stats/index.php/<script>alert('hi!');</script>|stats/index.php]
+* [http://www.bitweaver.org/articles/edit.php/|articles/edit.php]
+* [http://www.bitweaver.org/articles/list.php/|articles/list.php]
+* [http://www.bitweaver.org/blogs/list_blogs.php/|blogs/list_blogs.php]
+* [http://www.bitweaver.org/blogs/rankings.php/|blogs/rankings.php]
+* [http://www.bitweaver.org/calendar/index.php/|calendar/index.php]
+* [http://www.bitweaver.org/events/calendar.php/|events/calendar.php]
+* [http://www.bitweaver.org/events/index.php/|events/index.php]
+* [http://www.bitweaver.org/events/list_events.php/|events/list_events.php]
+* [http://www.bitweaver.org/fisheye/index.php/|fisheye/index.php]
+* [http://www.bitweaver.org/fisheye/list_galleries.php/|fisheye/list_galleries.php]
+* [http://www.bitweaver.org/liberty/list_content.php/|liberty/list_content.php]
+* [http://www.bitweaver.org/newsletters/edition.php/|newsletters/edition.php]
+* [http://www.bitweaver.org/pigeonholes/list.php/|pigeonholes/list.php]
+* [http://www.bitweaver.org/recommends/index.php/|recommends/index.php]
+* [http://www.bitweaver.org/rss/index.php/|rss/index.php]
+* [http://www.bitweaver.org/stars/index.php/|stars/index.php]
+* [http://www.bitweaver.org/users/remind_password.php/|users/remind_password.php]
+* [http://www.bitweaver.org/wiki/orphan_pages.php/|wiki/orphan_pages.php]
+* [http://www.bitweaver.org/stats/index.php/|stats/index.php]
+
+An alternative test strategy may be appropriate, but this should show that problems have been addressed.
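
Review bot: The rewritten link list drops the only query-string test case: the old `articles/list.php?<script>...` entry becomes `articles/list.php/`, so every remaining link exercises the path-info form alone. The added paragraph also does not say that the test string goes after the trailing slash of each link. Suggest keeping a `?` variant for at least one page, stating the append step explicitly, and saying what a pass looks like (the value comes back with the tag characters as %xx equivalents and no alert box appears). Two unchanged context lines deserve a fix while this section is open: the "would be nice" placeholder under "Example of exploit:" is stale now that the example is given, and "not anticipated that other pages would not be processed in the same way" is a double negative that reads as the opposite of what is meant.
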
Page History

| Date/Comment | User | IP | Version |
|---|---|---|---|
| 10 Dec 2008 (08:23 UTC) | Lester Caine | 81.138.11.136 | 2 |
| | Lester Caine | 81.138.11.136 | 1 |