A few fixes and enhancements #1

Merged
merged 3 commits into from
Feb 27, 2014

@craSH craSH commented Feb 27, 2014

Fixed a few things that I noticed immediately when running against https://neg9.org/ - I have XSS in the Server: header value, which popped up in the report for this tool.

Future: Cleanup unicode handling (replacing u'blah' with blah and such?)

  * Use env(1) to find python executable instead of hardcoding the path of /usr/bin/python
  * HTML Entity encode header keys and values - these can be malicious data
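The second bullet, as an added example that is not part of this pull request or the project's own code: a report writer that places response headers into HTML, shown without and with entity encoding. The function names and the sample headers are constructed for illustration, and Python 3's `html.escape` is assumed as the encoder.

```python
import html
import re

# Constructed sample: response headers as a scanner might collect them.
# Names and values both come from the remote server, so both are untrusted.
SAMPLE_HEADERS = [
    ("Server", "<script>alert('report')</script>"),
    ("X-Powered-By", 'PHP/5.4" onmouseover="alert(1)'),
    ("X-<b>Odd</b>", "value & more"),
    (b"Via", b"1.1 proxy\xff"),  # bytes containing an undecodable byte
]

def _text(value):
    """Coerce a header name or value to str without raising on bad bytes."""
    if isinstance(value, bytes):
        return value.decode("utf-8", errors="replace")
    return str(value)

def _table(rows):
    return "<table>\n" + "\n".join(rows) + "\n</table>"

def render_headers_unsafe(headers):
    """The 'before': header data is concatenated into the report as-is."""
    return _table("<tr><td>%s</td><td>%s</td></tr>" % (_text(k), _text(v))
                  for k, v in headers)

def render_headers_safe(headers):
    """The 'after': entity-encode keys and values before writing them."""
    rows = []
    for key, value in headers:
        k = html.escape(_text(key), quote=True)
        v = html.escape(_text(value), quote=True)
        rows.append("<tr><td>%s</td><td>%s</td></tr>" % (k, v))
    return _table(rows)

def contains_server_markup(report):
    """Regression check: after removing the template's own tags, any
    remaining angle bracket was supplied by the scanned server."""
    remainder = re.sub(r"</?(?:table|tr|td)>", "", report)
    return "<" in remainder or ">" in remainder

if __name__ == "__main__":
    print(contains_server_markup(render_headers_unsafe(SAMPLE_HEADERS)))
    print(contains_server_markup(render_headers_safe(SAMPLE_HEADERS)))
    print(render_headers_safe(SAMPLE_HEADERS))
```

A check like `contains_server_markup` can run in a test suite against a constructed hostile response, so that a new report field added later without encoding is caught.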
@ChrisTruncer

Dude, that's awesome, really smart, and funny. Ha, thanks for doing that. Checking it out now.

@ChrisTruncer

Awesome, works great, and thanks for fixing the other stuff as well. This is a really funny instance, and showed a couple friends that you did that, and got a good laugh (embedding XSS in the server header value).

Thanks again for the patch, really appreciate it.

ChrisTruncer added a commit that referenced this pull request Feb 27, 2014
A few fixes and enhancements
@ChrisTruncer ChrisTruncer merged commit 36d4ccd into RedSiege:master Feb 27, 2014
@ChrisTruncer

Added extra notes to commit log and CHANGELOG calling you out for submitting the update to me. Thanks man.

@x00TateSec x00TateSec mentioned this pull request May 4, 2016
@DaScripter DaScripter mentioned this pull request Dec 1, 2016
@Slad3G Slad3G mentioned this pull request Dec 20, 2016
@Gam-7 Gam-7 mentioned this pull request May 1, 2018
ChrisTruncer pushed a commit that referenced this pull request Jan 14, 2019