[Tracker-discuss] [issue109] javascript injection?
Skip Montanaro
metatracker at psf.upfronthosting.co.za
Sun Mar 25 00:42:20 CET 2007
New submission from Skip Montanaro:
Passing this along from comp.lang.python. I don't know if it's different than
the other problems we are already dealing with or not.
Skip
From: John Bokma <john at castleamber.com>
Sender: python-list-bounces+skip=pobox.com at python.org
To: python-list at python.org
Subject: bugs.python.org has been compromised (urgent)
Date: 24 Mar 2007 22:34:38 GMT
X-Spambayes-Classification: ham; 0.07
Just got comment spam in:
http:// bugs.py thon.org/file7722/order-cialis.html
http:// bugs.py thon.org/file7722/order-cialis.html order cialis
http:// bugs.py thon.org/file7723/order-tramadol.html order tramadol
Seems someone found a nice hole in python.org and someone should be
severely spanked for allowing for JavaScript injection:
<script language=javascript>document.write(unescape('%3C%73%63%72%69%70
...>
PS: I probably won't read this group much after this initial post, but my
email address in the header works.
PPS: comment spam has been reported the normal way as well.
--
John MexIT: http://johnbokma.com/mexit/
personal page: http://johnbokma.com/
Experienced programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
--
http://mail.python.org/mailman/listinfo/python-list
----------
messages: 556
nosy: montanaro
priority: bug
status: unread
title: javascript injection?
_______________________________________________________
Meta Tracker <metatracker at psf.upfronthosting.co.za>
<http://psf.upfronthosting.co.za/roundup/meta/issue109>
_______________________________________________________
More information about the Tracker-discuss
mailing list