[OWASP-Bangalore] [Owasp-leaders] dsanbox.owasp.org is vul Web cache poisoning attacks lead to Stored XSS?

• Previous message: [OWASP-Bangalore] OwaspWIA + InfoSecGirls Tech Talk on 12th January
• Next message: [OWASP-Bangalore] CSP- Implementation Issue - Query
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi everyone,

I found a video from a men uploaded to youtube show how he can do a Web cache poisoning attacks lead to Stored XSS into dsanbox.owasp.org. You can watch this video bellow link:
https://www.youtube.com/watch?v=pkCOsO9o-L4

So what we need to do to prevent this in future?

Thanks,

--
Nam Tran Phuong
Addr: Floor 3, 42 Tran Quoc Toan, Hai Chau District, Da Nang city, Vietnam
Mobile: +84 934 900 955


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-bangalore/attachments/20190114/44b4cd29/attachment.html>

• Previous message: [OWASP-Bangalore] OwaspWIA + InfoSecGirls Tech Talk on 12th January
• Next message: [OWASP-Bangalore] CSP- Implementation Issue - Query
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]