RE: Zend studio location Cross-Domain Scripting Vulnerability


> -----Original Message-----
> From: Thijs Lensselink [mailto:dev@xxxxxxxx] 
> Sent: Tuesday, October 12, 2010 9:26 PM
> To: php-general@xxxxxxxxxxxxx
> Subject: Re: Zend studio location Cross-Domain Scripting Vulnerability
> 
>   On 10/13/2010 12:19 AM, Daevid Vincent wrote:
> > http://80vul.com/Zend%20studio/Zend%20studio%20location%20Cross.htm
> >
> > Interesting. A co-worker and I were JUST noticing how our PHPDoc comments
> > were being parsed pretty much verbatim including <b> tags and links and
> > stuff and thought, "wow, that's stupid, that's just a XSS or injection
> > waiting to happen". LOL. Guess someone's ears were burning. ;-)
> >
> >
> 
> Why didn't you inform Zend before you went full disclosure?
> 
> It's a nasty bug though!!

You misunderstand. *I* did not write that web page. It was just coincidence
that *I* encountered the same thing the other day and then someone on
Reddit posted that URL. That's all. Timing.

Thought I'd share with the PHP community here though since many of us use
Zend (and perhaps PDT and Aptana have the same issue?)

d


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


