[Owasp-ireland] Don't underestimate the power of XSS!

davidrook david.rook at realexpayments.com
Tue Apr 13 09:53:37 EDT 2010


I wanted to share this link with you all: 
https://blogs.apache.org/infra/entry/apache_org_04_09_2010

It is a very good write up by the Apache Software Foundation incident 
response team on how users clicking on a link which exploited a Cross 
Site Scripting flaw in their bug tracking software led to servers being 
exploited, usernames and passwords being stolen and obtaining root 
access on core Apache servers.

Dave

-- 
David Rook | david.rook at realexpayments.com
Security Analyst

Realex Payments