Comment 12 for bug 1327414
Revision history for this message
| Tristan Cacqueray (tristan-cacqueray) wrote Re: www-authenticate value isn't quoted | #12 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
9199653
demo site
(Get the code!)
Indeed, appending the malicious code to a valid URL doesn't seems to work as it contains a "/".
Then the real impact would be remote code execution executed in victim browser, appearing from the swift server.
I don't think we need to make a list of the bad things that could happen at that point (e.g., local network exploitation)
@VMT am I missing something here ?