[Owasp-leaders] Does anyone have an email address for Benjamin Mosse?

Eoin eoin.keary at owasp.org
Wed Apr 1 11:18:00 EDT 2009


This sounds like a fun conversation, keep me in the loop!!!

2009/4/1 Arshan Dabirsiaghi <arshan.dabirsiaghi at aspectsecurity.com>

>  He claims here that he has 2 proofs of concept for bypassing AntiSamy:
>
>
>
>
> http://blog.engineeringforfun.com/hacking-related/bypassing-owasps-antisamy.html
>
>
>
> Yet when I try both the vectors on my public-please-hack-me test page, they
> fail:
>
>
>
>
> http://i8jesus.com:9080/AntiSamyDemoWebApp/test.jsp?profile=Proof+of+concept%0D%0A%3Ca+-+href%3D%22%2F%22+onmouseover%3D%22javascript%3Aalert%281%29%22%3Elink%3C%2Fa%3E%0D%0A%3Cimg+.+src%3D%
>
>
>
> Comments are bizarrely turned off on his blog and I can’t find his email.
> I’m trying to temper my irritation in case he actually has something, but
> the prospect of an OWASPer trying to “out” another OWASPer with
> non-reproducible slander is *very* disappointing.
>
>
>
> Arshan
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
>


-- 
Eoin Keary CISSP CISA
https://www.owasp.org/index.php/OWASP_Ireland_AppSec_2009_Conference

OWASP Code Review Guide Lead Author
OWASP Ireland Chapter Lead
OWASP Global Committee Member (Industry)

Quis custodiet ipsos custodes