Reflected XSS in cert.org

One of the sites that should be secure is cert.org. It had a reflected HTML injection vulnerability caused by echoing the request URI back into the HTML page (works only with IE).

Request URI, Query String and URL encoding

Web application code often uses the REQUEST_URI parameter to present the current URL, or QUERY_STRING to present the current GET query parameters. Usually these values arrive URL-encoded, so it may seem safe to use them directly in an HTML document or SQL query. But "usually" does not mean "always".

Today is 'The Other Tomorrow'

Finally, today is "The Other Tomorrow". The magical day which is referred to when postponing tasks: "it would be nice to be done one day". To be honest, I have postponed it for years. And now, huh, here it is.
