26 July 2011

Comments

Bypass no 7, the solutions would also filter a wide range of URLs with extra "-", for example:

/wp-content/plugins/wp-jquery-lightbox/jquery.lightbox.min.js
/wp-content/plugins/wp-jquery-lightbox/styles/lightbox.min.css

or any content with multiple "-" in the file/folder path

Good write up but you got "Bypass #2 - Lessons Learned" repeated throughout rather than having the right lesson number.
