lua-l archive



Robert G. Jakabosky <bobby <at> sharedrealm.com> writes:

> 
> On Thursday 05, Henk Boom wrote:
> > http://www.lua.inf.puc-rio.br/rsp/step/?_html=%3Cscript+type%3D%22text/java
> >script%22%3Ealert(%22this+could+have+been+a+malicious+script%22)%3C/script%3
> >E
> >
> > in case line wrapping broke the url:
> >
> > http://bit.ly/crWYMP
> 
> Looks like there was a bug that made my session get the contents of _html from 
> your session.
> 

Yup there's definitely a bug "leaking" state between sessions. I just tried the
"shopping example" and did nothing else than keep clicking on the "state" link
and it kept adding items to my shopping cart randomly ;)