[cisco-voip] Bug Search Code Injection

Norton, Mike mikenorton at pwsd76.ab.ca
Tue Aug 20 13:08:19 EDT 2019


Used to be that reading documentation articles about “null” – e.g. null routes, Null 0 interface, etc. – would give some rather, uh, “interesting” results in the related community discussions box off to the side of the article. Agreed it is rather concerning. Basically every language has standard functions for properly sanitizing/escaping text so there is no excuse other than sloppiness... which makes one wonder what else they are sloppy with.

-mn

From: cisco-voip <cisco-voip-bounces at puck.nether.net> On Behalf Of Anthony Holloway
Sent: August 20, 2019 8:35 AM
To: Cisco VoIP Group <cisco-voip at puck.nether.net>
Subject: [cisco-voip] Bug Search Code Injection

Looks like I stumbled across some code injection on the following defect page:

https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq27976

It's innocent enough, but concerning that it's even possible.

[image.png]