[Owasp-leaders] OWASP's Wiki Search Engine

Laurence Casey larry.casey at aspectsecurity.com
Thu Feb 10 11:25:23 EST 2011


Psiinon,

Good point. That is why it was taken down right when it was reported.

--Larry

-----Original Message-----
From: owasp-leaders-bounces at lists.owasp.org
[mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of psiinon
Sent: Thursday, February 10, 2011 4:11 PM
To: owasp-leaders at lists.owasp.org
Subject: Re: [Owasp-leaders] OWASP's Wiki Search Engine

If its not an easy fix then shouldnt we disable the functionality until
a fix can be found, tested and applied?
Its pretty embarrassing to have an XSS on owasp.org and of course it
could be used to compromise the site or its visitors :( If we cant get
this right then what hope do other people have?

Psiinon

On Thu, Feb 10, 2011 at 4:04 PM, Laurence Casey <larry.casey at owasp.org>
wrote:
> Actually, we have no award for being the first to find a problem, but 
> the first person to come to me and provide the solution gets a beer on

> OWASP. If you are at the summit, you can cash in now.
>
> Here is the extension.
>
> http://www.mediawiki.org/wiki/Extension:SphinxSearch
>
> --Larry
>
> -----Original Message-----
> From: owasp-leaders-bounces at lists.owasp.org
> [mailto:owasp-leaders-bounces at lists.owasp.org] On Behalf Of psiinon
> Sent: Thursday, February 10, 2011 3:33 PM
> To: owasp-leaders at lists.owasp.org
> Subject: Re: [Owasp-leaders] OWASP's Wiki Search Engine
>
> Is there a prize for the first XSS vuln to be found on the search
function?
> If so can I claim it >:)
>
> Emailing details to Larry ;)
>
> Psiinon
>
> On Thu, Feb 10, 2011 at 2:54 PM, Laurence Casey 
> <larry.casey at owasp.org>
> wrote:
>> Everyone,
>>
>>
>>
>> I have implemented a new search engine on the wiki as discussed in 
>> our website committee meeting. This is a Sphinx search engine and 
>> this will provide much better results. I was able to actually find 
>> things on the wiki now.
>>
>>
>>
>> Enjoy!
>>
>>
>>
>> --Larry Casey
>>
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>>
>>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
>
_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders


More information about the OWASP-Leaders mailing list