| « Top gear's new season starts this sunday! | InterfaceFLOR number one in The SustainAbility Survey 2009 » |
New websecurity feature in Domino 8.5?
Has anyone seen this before on their domino servers? I was doing some testing on my Domino webserver and I saw this:
XSS security triggered by request shopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>
I couldn't find the message when searching through google, nor in the admin help.
XSS security triggered by request shopdisplayproducts.asp?id=1&cat=<script>alert(document.cookie)</script>
I couldn't find the message when searching through google, nor in the admin help.
4 comments
Comment from: Simon O'Doherty [Visitor]
More details here.
http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
http://www.owasp.org/index.php/Cross-site_Scripting_%28XSS%29
11/08/09 @ 21:08
Simon, I get the XSS part, it's the fact that there is a message on the domino console that's interesting ;)
11/08/09 @ 21:10
Comment from: Christian Brandlehner [Visitor]
Maybe it was triggered by iNotes filtering malicious code from an email?
11/08/09 @ 22:00
Christian:
Noopz, it definately was my own scan, without being logged in, so just on the public http side of the domino server.
Noopz, it definately was my own scan, without being logged in, so just on the public http side of the domino server.
11/08/09 @ 22:18
Comment feed for this postLeave a comment
Yet another Domino/Websphere Admin blog.
About me:
Lotus Notes/Domino Admin
Websphere Commerce Admin
sceptic
critic
About me:
Lotus Notes/Domino Admin
Websphere Commerce Admin
sceptic
critic
