torsten's .NET blog - Security vulnerability, No.

Friday, December 12, 2003

Security vulnerability, No.

As a RSS Bandit user you know we are hosting a IE Control. So we have to consider all the security vulnerability related to Internet Explorer. Don Park pointed to Zap the Dingbat, that provides a exploit to test Url spoofing. We use our own Url toolbar, so my first idea was: we should be aware of this. But the used control is not under our control, so I really had to test it out. Here is the result:

You see: it displays the full address not cutted after the magic character... Doh!

Friday, December 12, 2003 10:48:41 AM (W. Europe Standard Time, UTC+01:00)

Comments [2] |

Friday, December 12, 2003 11:20:01 PM (W. Europe Standard Time, UTC+01:00)

Cool. So the bug is not in the engine but in the browser's address bar code. BTW, thanks for moving RSS Bandit to SourceForge. IMHO, GotDotNet workspace needs to be overhauled ASAP because its performance is hurting instead of helping ASP.NET's marketing efforts.

Don Park

Sunday, May 06, 2007 5:53:04 AM (W. Europe Daylight Time, UTC+02:00)

GOOD TOOL

硬盘数据恢复

Comments are closed.