Archive of UserLand's first discussion group, started October 5, 1998.

Manila security hole w/o JavaScript

Author: Jake Savin
Posted: 5/9/2000; 8:18:19 PM
Topic: Manila security hole w/o JavaScript
Msg #: 17140
Prev/Next: 17139 / 17141

It turns out that Manila sites are susceptible to the security hole described on the Zope.org website, even if JavaScript is turned off in your browser.

It's even worse than it appears!

This HTML flipped the homepage of my test site even though I had JavaScript turned off:


	
	I'm about to flip your homepage
	Flipping your home page in 5 seconds...

You're at risk whenever your browser is logged in to your site (you have a good cookie) and you have managing editor privileges. The only sure way to avoid the risk is to sign out before you visit any untrusted site.
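
An added example, not part of the original post and not Manila's code: a server-side check in Python showing why a good cookie alone lets through a request caused by another site's page, and how a token carried only by the site's own forms rejects it. The session table, action name and request shapes are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-site secret, never sent to the browser
ACTION = "flip-home-page"              # hypothetical action name, not a Manila identifier

# Constructed session table: one logged-in managing editor.
SESSIONS = {"cookie-abc123": {"user": "editor", "managing_editor": True}}

def issue_token(session_id, action):
    """Token the site embeds only in its own admin forms, bound to session and action."""
    msg = f"{session_id}|{action}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def cookie_only_allows(request):
    """Weak check: a good cookie with managing editor privileges is enough."""
    session = SESSIONS.get(request["cookie"])
    return bool(session and session["managing_editor"])

def token_check_allows(request, action=ACTION):
    """Hardened check: also require POST and a token a foreign page cannot read."""
    if not cookie_only_allows(request) or request["method"] != "POST":
        return False
    supplied = request["params"].get("token", "")
    expected = issue_token(request["cookie"], action)
    return hmac.compare_digest(supplied.encode(), expected.encode())

def sample_requests():
    """Constructed requests as the server would see them."""
    good = "cookie-abc123"
    return {
        # Sent from the site's own admin form, which carries the token.
        "own_form": {"method": "POST", "cookie": good,
                     "params": {"token": issue_token(good, ACTION)}},
        # Caused by a page on another site: the browser still attaches the cookie.
        "cross_site_get": {"method": "GET", "cookie": good, "params": {}},
        "cross_site_post": {"method": "POST", "cookie": good,
                            "params": {"token": "guess"}},
        # After signing out, no valid cookie is sent.
        "signed_out": {"method": "POST", "cookie": None, "params": {}},
    }

if __name__ == "__main__":
    for name, req in sample_requests().items():
        print(f"{name:16} cookie-only={cookie_only_allows(req)!s:5} "
              f"token-check={token_check_allows(req)}")
```

The cookie-only check accepts both cross-site requests because the browser attaches the cookie regardless of which page caused the request; signing out removes the cookie, which is why it works as a stopgap.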




This page was archived on 6/13/2001; 4:55:08 PM.

© Copyright 1998-2001 UserLand Software, Inc.