[Owasp-leaders] OWASP's Wiki Search Engine

psiinon psiinon at gmail.com
Thu Feb 10 11:11:19 EST 2011


If its not an easy fix then shouldnt we disable the functionality
until a fix can be found, tested and applied?
Its pretty embarrassing to have an XSS on owasp.org and of course it
could be used to compromise the site or its visitors :(
If we cant get this right then what hope do other people have?

Psiinon

On Thu, Feb 10, 2011 at 4:04 PM, Laurence Casey <larry.casey at owasp.org> wrote:
> Actually, we have no award for being the first to find a problem, but the
> first person to come to me and provide the solution gets a beer on OWASP. If
> you are at the summit, you can cash in now.
>
> Here is the extension.
>
> http://www.mediawiki.org/wiki/Extension:SphinxSearch
>
> --Larry
>
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of psiinon
> Sent: Thursday, February 10, 2011 3:33 PM
> To: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] OWASP's Wiki Search Engine
>
> Is there a prize for the first XSS vuln to be found on the search function?
> If so can I claim it >:)
>
> Emailing details to Larry ;)
>
> Psiinon
>
> On Thu, Feb 10, 2011 at 2:54 PM, Laurence Casey <larry.casey at owasp.org>
> wrote:
>> Everyone,
>>
>>
>>
>> I have implemented a new search engine on the wiki as discussed in our
>> website committee meeting. This is a Sphinx search engine and this
>> will provide much better results. I was able to actually find things
>> on the wiki now.
>>
>>
>>
>> Enjoy!
>>
>>
>>
>> --Larry Casey
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>


More information about the OWASP-Leaders mailing list