[Owasp-leaders] Does anyone have an email address for Benjamin Mosse?

Christian Heinrich christian.heinrich at owasp.org
Thu Apr 2 06:09:50 EDT 2009


Arshan,

His e-mail address is mosse.benjamin at gmail.com


Regards,
Christian Heinrich
OWASP "Google Hacking" Project Lead
Presenting at the OWASP European Conference and CONFidence (11-16 May
in Kraków, Poland)

On 4/2/09, Arshan Dabirsiaghi <arshan.dabirsiaghi at aspectsecurity.com> wrote:
> He claims here that he has 2 proofs of concept for bypassing AntiSamy:
>
>
>
> http://blog.engineeringforfun.com/hacking-related/bypassing-owasps-antisamy.html
>
>
>
> Yet when I try both the vectors on my public-please-hack-me test page,
> they fail:
>
>
>
> http://i8jesus.com:9080/AntiSamyDemoWebApp/test.jsp?profile=Proof+of+concept%0D%0A%3Ca+-+href%3D%22%2F%22+onmouseover%3D%22javascript%3Aalert%281%29%22%3Elink%3C%2Fa%3E%0D%0A%3Cimg+.+src%3D%
> <http://i8jesus.com:9080/AntiSamyDemoWebApp/test.jsp?profile=Proof+of+concept%0D%0A%3Ca+-+href%3D%22%2F%22+onmouseover%3D%22javascript%3Aalert%281%29%22%3Elink%3C%2Fa%3E%0D%0A%3Cimg+.+src%3D%25>
>
>
>
> Comments are bizarrely turned off on his blog and I can't find his
> email. I'm trying to temper my irritation in case he actually has
> something, but the prospect of an OWASPer trying to "out" another
> OWASPer with non-reproducible slander is very disappointing.
>
>
>
> Arshan
>
>

