Archive of UserLand's first discussion group, started October 5, 1998.
Manila security hole w/o JavaScript
Author: Jake Savin Posted: 5/9/2000; 8:18:19 PM Topic: Manila security hole w/o JavaScript Msg #: 17140 Prev/Next: 17139 / 17141
It turns out that Manila sites are susceptible to the security hole described on the Zope.org website, even if JavaScript is turned off in your browser.It's even worse than it appears!
This HTML flipped the homepage of my test site even though I had JavaScript turned off:
I'm about to flip your homepage Flipping your home page in 5 seconds...You're at risk whenever your browser is logged in to your site (you have a good cookie) and you have managing editor privileges. The only sure way to avoid the risk is to sign out before you visit any untrusted site.
This page was archived on 6/13/2001; 4:55:08 PM.
© Copyright 1998-2001 UserLand Software, Inc.