T-Dose website security issue

I am giving a talk at T-Dose. While trying to add my user credentials, I found this little error in the programming.
Please never take parameters unchecked in any programming language. But at least the T-Dose people added <%=h text %> so you can't easily cross-site script.
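
The two points above, checking a parameter before use and escaping it with h on output, shown as an added example in plain ERB from the Ruby standard library. This is not code from the T-Dose site; the class, field names and template text are assumptions made up for illustration.

```ruby
require "erb"

# Hypothetical page object; the field names and template text are constructed
# for this example and are not taken from the T-Dose site.
class ErrorPage
  include ERB::Util            # provides h / html_escape for the templates

  ALLOWED_FIELDS = %w[name email talk_title].freeze
  RAW_TEMPLATE   = "<p>Unknown field: <%= text %></p>"
  SAFE_TEMPLATE  = "<p>Unknown field: <%=h text %></p>"

  attr_reader :text

  def initialize(text)
    @text = text.to_s
  end

  # Check the parameter against an allow-list before using it at all.
  def self.checked_field(param)
    value = param.to_s
    raise ArgumentError, "unexpected field" unless ALLOWED_FIELDS.include?(value)
    value
  end

  # Render a template with this object's binding so `text` and `h` resolve.
  def render(template)
    ERB.new(template).result(binding)
  end
end

# Returns whether the parameter passes validation, plus the same error page
# rendered without and with output escaping.
def demo(param)
  page = ErrorPage.new(param)
  accepted = begin
    ErrorPage.checked_field(param)
    true
  rescue ArgumentError
    false
  end
  { accepted: accepted,
    raw: page.render(ErrorPage::RAW_TEMPLATE),
    escaped: page.render(ErrorPage::SAFE_TEMPLATE) }
end

if __FILE__ == $PROGRAM_NAME
  p demo("email")
  p demo("<script>alert(1)</script>")   # constructed test input
end
```

The escaped rendering is the fallback for when a check is missing; the allow-list is what keeps an unexpected value from reaching the template in the first place.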

1 comment:

vext01 said...

OpenBSD cvsweb has a similar "problem"; it's not really a security issue as such, is it? Just a fun little hack.

http://www.nabble.com/XSS-vulnerability-in-OpenBSD's-CVSweb-td19103661.html