[32446] in bugtraq
Re: Web Wiz Forums ver. 7.01
daemon@ATHENA.MIT.EDU (Thor)
Fri Nov 14 17:52:48 2003
Message-ID: <009001c3aaf9$f95dd280$af05a8c0@anchorsign.com>
From: "Thor" <thor@hammerofgod.com>
To: <bruce@webwizguide.info>, <bugtraq@securityfocus.com>
Date: Fri, 14 Nov 2003 13:55:10 -0800
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
> The only variable that was not filtered correctly was the Location field
which is populated by a drop down box.
Just to note, one should replace "is populated" by "normally populated if
they use my form to submit data." It is a common misconception that option
controls limit input variables. I know you know that, but since you were
replying to a bug post, we should make sure other's know that too.
Nice you are filtering everything now, though :)
t
