[Owasp-leaders] Does anyone have an email address for Benjamin Mosse?

Andrea Cogliati andrea.cogliati at owasp.org
Wed Apr 1 10:58:48 EDT 2009


in case you missed it, you can apparently leave a comment on the About  


On Apr 1, 2009, at 10:55 AM, Arshan Dabirsiaghi wrote:

> He claims here that he has 2 proofs of concept for bypassing AntiSamy:
> http://blog.engineeringforfun.com/hacking-related/bypassing-owasps-antisamy.html
> Yet when I try both the vectors on my public-please-hack-me test  
> page, they fail:
> http://i8jesus.com:9080/AntiSamyDemoWebApp/test.jsp?profile=Proof+of+concept%0D%0A%3Ca+-+href%3D%22%2F%22+onmouseover%3D%22javascript%3Aalert%281%29%22%3Elink%3C%2Fa%3E%0D%0A%3Cimg+.+src%3D 
> %
> Comments are bizarrely turned off on his blog and I can’t find his  
> email. I’m trying to temper my irritation in case he actually has  
> something, but the prospect of an OWASPer trying to “out” another  
> OWASPer with non-reproducible slander is very disappointing.
> Arshan
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

More information about the OWASP-Leaders mailing list