[Framework-Team] HTTP parameter pollution
ric at digitalmarbles.com
Wed May 20 06:40:05 UTC 2009
On May 19, 2009, at 9:23 PM, Steve McMahon wrote:
> The paper mentions Plone, but all they found is that Plone rejects the
> bad input but "Since this error generates
> ~100 lines in the log file, it may be used to obfuscate other
> attacks." I found no serious vulnerability claim.
How odd. Just did the test myself and it generates a 70 line
traceback in the event log. I fail to see how this could possibly
"obfuscate other attacks"... unless you were completely clueless about
tracebacks. Steve is too kind. This claim is just ridiculous.