[ OWASP - Montréal ] XSFR/CSFR testing difficulty level
philippe at gamache.com
Mon Dec 1 23:47:17 EST 2008
Benoit Guerette wrote:
> How do you flag this on a pen test report? It is a vulnerability,
> resulting in a denial of service, but with low impact.
> Any cross-site scripting vulnerability means PCI-DSS failed on a
> report, so for PCI it fails.
> But on other pen tests, do you mark it as low, and the business will
> decide whether they fix it or not?
There is a way to block any connection using this... For example, display an
image from another site. This site will just have to rewrite the
response with a 401 error, redirecting to your login...