2009/3/11 Andres Riancho <andres.rian...@gmail.com>:
> http://host.tld/index.do?sp=1&sp=spam&sp=eggs
>
> ...
> XSS. After some small searching, I realized the repeated parameter
> names are actually a valid thing in the RFC, and is supported by

Yes, and one of the reasons why the cgi.parse_qs() function returns a
list of values for each key. Like:

>>> cgi.parse_qs("sp=1&sp=spam&sp=eggs&foo=bar")
{'foo': ['bar'], 'sp': ['1', 'spam', 'eggs']}

Regards,

--
.    Facundo

Blog: http://www.taniquetil.com.ar/plog/
PyAr: http://www.python.org/ar/

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
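
Added example, not part of the original message or of w3af's code: it shows why the list-per-key behaviour matters for input validation, since a check that looks only at the first value of a repeated parameter passes the URL quoted in the thread while a check over every value does not. It uses urllib.parse.parse_qs, the Python 3 equivalent of the cgi.parse_qs() call above; the function names and the digits-only rule for "sp" are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample: the URL shape quoted in the thread.
URL = "http://host.tld/index.do?sp=1&sp=spam&sp=eggs"
DIGITS = re.compile(r"[0-9]+")  # assumed rule: "sp" must be numeric


def all_values(url):
    """Every value for every parameter name, in order of appearance."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)


def repeated_params(url):
    """Names that occur more than once, with all of their values."""
    return {k: v for k, v in all_values(url).items() if len(v) > 1}


def first_value_check(url, name):
    """Flawed: validates only the first occurrence of the parameter."""
    values = all_values(url).get(name, [])
    return bool(values) and DIGITS.fullmatch(values[0]) is not None


def every_value_check(url, name):
    """Validates each occurrence, whichever one a later layer reads."""
    values = all_values(url).get(name, [])
    return bool(values) and all(DIGITS.fullmatch(v) for v in values)


if __name__ == "__main__":
    print(repeated_params(URL))
    print(first_value_check(URL, "sp"), every_value_check(URL, "sp"))
```
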