<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
{mso-style-name:msonormal;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri",sans-serif;
color:windowtext;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<div class="WordSection1">
<p class="MsoNormal">Ok – for those of us less knowledgeable, how exactly is this “code injection” ?<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">---<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif">Lelio Fulgenzi, B.A.</span></b><span style="font-family:"Arial",sans-serif"> | Senior Analyst<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif;color:#333333">Computing and Communications Services</span><span style="font-family:"Arial",sans-serif"> | University of Guelph<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">Room 037 Animal Science & Nutrition Bldg | 50 Stone Rd E | Guelph, ON | N1G 2W1<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif">519-824-4120 Ext. 56354 |
<a href="mailto:lelio@uoguelph.ca"><span style="color:#0563C1">lelio@uoguelph.ca</span></a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><a href="http://www.uoguelph.ca/ccs"><span style="font-family:"Arial",sans-serif">www.uoguelph.ca/ccs</span></a><span style="font-family:"Arial",sans-serif;color:#1F497D"> | @UofGCCS on Instagram, Twitter and Facebook<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-family:"Arial",sans-serif"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="187" height="100" style="width:1.9479in;height:1.0416in" id="Picture_x0020_1" src="cid:image001.png@01D5575D.1BE95830" alt="University of Guelph Cornerstone with Improve Life tagline"><o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><b>From:</b> cisco-voip <cisco-voip-bounces@puck.nether.net>
<b>On Behalf Of </b>Anthony Holloway<br>
<b>Sent:</b> Tuesday, August 20, 2019 1:38 PM<br>
<b>To:</b> Norton, Mike <mikenorton@pwsd76.ab.ca><br>
<b>Cc:</b> Cisco VoIP Group <cisco-voip@puck.nether.net><br>
<b>Subject:</b> Re: [cisco-voip] Bug Search Code Injection<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal">Exactly. Like there might be a feature disabled for preventing code injection on the site as a whole, and not all code injection displays something like that. In fact, I'd wager an attack via code injection would go unnoticed by the user
all together.<o:p></o:p></p>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<div>
<p class="MsoNormal">On Tue, Aug 20, 2019 at 12:08 PM Norton, Mike <<a href="mailto:mikenorton@pwsd76.ab.ca">mikenorton@pwsd76.ab.ca</a>> wrote:<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;margin-bottom:12.0pt"><span lang="EN-CA" style="color:#1F497D">Used to be that reading documentation articles about “null” – e.g. null routes, Null 0 interface, etc. – would give some rather, uh, “interesting”
results in the related community discussions box off to the side of the article. Agreed it is rather concerning. Basically every language has standard functions for properly sanitizing/escaping text so there is no excuse other than sloppiness... which makes
one wonder what else they are sloppy with.<br>
<br>
-mn</span><span lang="EN-CA"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><b>From:</b> cisco-voip <<a href="mailto:cisco-voip-bounces@puck.nether.net" target="_blank">cisco-voip-bounces@puck.nether.net</a>>
<b>On Behalf Of </b>Anthony Holloway<br>
<b>Sent:</b> August 20, 2019 8:35 AM<br>
<b>To:</b> Cisco VoIP Group <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<b>Subject:</b> [cisco-voip] Bug Search Code Injection<span lang="EN-CA"><o:p></o:p></span></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-CA"> <o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-CA">Looks like I stumbled across some code injection on the following defect page:<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-CA"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-CA"><a href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq27976" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvq27976</a> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-CA"> <o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-CA">It's innocent enough, but concerning that it's even possible. <o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-CA"> <o:p></o:p></span></p>
</div>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span lang="EN-CA"><img border="0" width="542" height="220" style="width:5.6458in;height:2.2916in" id="gmail-m_5499078534444947941_x005f_x0000_i1025" src="cid:image002.png@01D5575D.1BE95830" alt="image.png"><o:p></o:p></span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<p class="MsoNormal">_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></p>
</blockquote>
</div>
</div>
</body>
</html>