RE: [Full-disclosure] XSS in Oracle default fcgi-bin/echo

Board: Bugtraq. Posted: 2010/10/16 02:01
Dear Thor,

Amazing how people claim being logical ... sure sign they aren't!

> ... Irrespective of the method you choose to validate "bona-fide"
> recipients of your PoC, you will have no control over what the
> recipient chooses to do with it once they have it. As such, logic
> dictates that your PoC be considered "public" the moment you release
> it. ...

Does logic dictate that all people are rabid pro-disclosure zealots,
who do not respect copyright, IP rights, nor gentle personal requests
for discretion?

> ... don't fool yourself into thinking you are somehow being
> responsible ...

I do not own an over-inflated ego.

> ... or simply send the code to Oracle and ask them ...

Sorry to blow your assumption: sent to Oracle, ages ago, first thing.

Cheers, Paul

Paul Szabo   psz@maths.usyd.edu.au   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney   Australia