[Owasp-leaders] Does anyone have an email address for Benjamin Mosse?
Andrea Cogliati
andrea.cogliati at owasp.org
Wed Apr 1 10:58:48 EDT 2009
Arshan,
in case you missed it, you can apparently leave a comment on the About
page.
Andrea
On Apr 1, 2009, at 10:55 AM, Arshan Dabirsiaghi wrote:
> He claims here that he has 2 proofs of concept for bypassing AntiSamy:
>
> http://blog.engineeringforfun.com/hacking-related/bypassing-owasps-antisamy.html
>
> Yet when I try both the vectors on my public-please-hack-me test
> page, they fail:
>
> http://i8jesus.com:9080/AntiSamyDemoWebApp/test.jsp?profile=Proof+of+concept%0D%0A%3Ca+-+href%3D%22%2F%22+onmouseover%3D%22javascript%3Aalert%281%29%22%3Elink%3C%2Fa%3E%0D%0A%3Cimg+.+src%3D
> %
>
> Comments are bizarrely turned off on his blog and I can’t find his
> email. I’m trying to temper my irritation in case he actually has
> something, but the prospect of an OWASPer trying to “out” another
> OWASPer with non-reproducible slander is very disappointing.
>
> Arshan
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders